Filtering ULA?
Pekka Savola
pekkas at netcore.fi
Mon Sep 22 22:31:39 CEST 2008
(re-send due to list change)
On Mon, 22 Sep 2008, Iljitsch van Beijnum wrote:
> As for the packets: what if someone generates an ICMP too big message with a
> ULA source address? That could happen. It would be really bad if people
> filtered out those packets because that creates PMTUD black holes.
Sometimes folks (usually from a network X using RFC1918 space internally) start
complaining about network Y breaking PMTUD because they filter RFC1918 or some
other bogus addresses on the border. As if network X had some $DEITY given
right to break connectivity by exposing RFC1918 addresses to the outside and
expecting the others to special-case around their brokenness.
If it isn't routed, it's bogus and should be dropped. If you expose unroutable
address space to outside, don't make it others' fault if it causes breakage.
The same applies to ULA space IMHO. (And that's what the spec says as well.)
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the ipv6-ops
mailing list