BCP38 is not just for IPv4

Phil Mayers p.mayers at imperial.ac.uk
Thu Mar 28 12:16:57 CET 2013


On 03/28/2013 11:03 AM, Nick Hilliard wrote:
> On 28/03/2013 11:01, Mike Jones wrote:
>> To throw a small data point out there, I have had several server/VPS
>> providers who all (but one) performed filtering on v4, but nearly all
>> forgot it with v6 (some have since done it).
>
> As always, beware hardware limitations (i.e. looking at sup720 / rsp720 in
> particular).  ACLs only for ipv6 urpf on this platform.

And, somewhat annoyingly, that platform also has ACL limitatons 
(specifically, you can't have >512 unique ACLs on interfaces, so if you 
have >512 interfaces, you're hosed).

I am curious to know if people are using "second best" spoof protections 
of having a single big egress ACL at the points leaving their network 
containing all expected source addresses, or even if they're doing both.



More information about the ipv6-ops mailing list