[128922] in North American Network Operators' Group
Re: Should routers send redirects by default?
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Aug 20 13:57:01 2010
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Fri, 20 Aug 2010 17:56:51 +0000
In-Reply-To: <AANLkTimbJ4g7DigSBeToJR33NPF4CYrHzAgamTwPQd=k@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Aug 21, 2010, at 12:20 AM, Christopher Morrow wrote:
> o routers are required to be able to send redirect messages
> o routers should NOT do this by default
I concur with this position from an opsec standpoint; at the same time, I d=
on't know that *mandating* a default configuration setting for a legal (if =
largely iatrogenic) mode of operation is something that the IETF should be =
doing.
Here's an alternate formulation which gets the point across, but doesn't st=
ray into the area of :
1. Routers are required to be able to send redirect messages.
2. It is recommended that routers should NOT do this by default.
As was mentioned somewhere in the 6man thread, the root of the problem has =
to do with the ugliness of IPv6 in general, and the whole v6 ICMP/ND mess i=
n particular. Unfortunately, those ships have long since sailed; while it'=
s tempting to try and retrofit fixes for poor design decisions in the funda=
mental protocol specifications by mandating sane implementation defaults in=
conformance documents, a recommendation rather than a mandate seems more s=
ituationally-appropriate in this context. =20
The 'right way', impractical though it may be, is in fact to fix this probl=
em is to go back and fix the protocol specifications; since that isn't goin=
g to happen, making recommendations gets the point across without being ove=
rbearing.
YMMV, of course.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
