[128929] in North American Network Operators' Group


Re: Should routers send redirects by default?

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Aug 20 17:12:01 2010

In-Reply-To: <B003B2B2-59F8-4F03-9A25-3E1E90850E99@puck.nether.net>
Date: Fri, 20 Aug 2010 17:11:55 -0400
From: Christopher Morrow <christopher.morrow@gmail.com>
To: Jared Mauch <jared@puck.nether.net>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, Aug 20, 2010 at 4:03 PM, Jared Mauch <jared@puck.nether.net> wrote:
>
> On Aug 20, 2010, at 3:56 PM, Butch Evans wrote:
>
>> On Fri, 2010-08-20 at 13:20 -0400, Christopher Morrow wrote:
>>> Polling a little bit here, there's an active discussion going on
>>> 6man@ietf about whether or not v6 routers should:
>>>  o be required to implement ip redirect functions (icmpv6 redirect)
>>>  o be sending these by default
>>
>> I do not currently have an IPv6 deployment, so my input may be lacking
>> in real usefulness here.  With IPv4, however, I have been a little
>> irritated at a few situations where I NEEDED this to work and it did not
>> (certain PIX routers come to mind here).  There are risks involved with
>> ANY "automated" type traffic to be sure, but for my money, it SHOULD be
>> possible to configure every router to support the network needs.  So for
>> my money, I'd suggest:
>>
>> * routers MUST support ip redirect
>> * "default" configurations irrelevant to me
>>
>> I do agree with one or two of the other posters that it should not be
>> within the purview of the IETF to "mandate" these defaults.  Each of us
>> will learn the defaults of the particular gear we use and can adjust
>> config templates to match, given the needs of the network we are
>> deploying.  Just my $0.02 (may be worth less than that)  :-)
>
> One of the challenges is that some vendors have a poor track-record of
> documenting these defaults.  this means unless you frequently sample

and changing them... so, picking a good default I think is important.
You'd prefer less config headaches I bet vs having to constantly hack
templates?

> your network traffic, you may not see your device sending decnet mop
> messages, or ipv6 redirects :)
>
> Personally (and as the instigator in the ipv6/6man discussion) if the

yes thanks! :) (just following a path as requested by another 6man person)

> vendors could be trusted to expose their default settings in their
> configs, I would find a default of ON to be more acceptable.  As their
> track-record is poor, and the harm has been realized in the network we
> operate (at least), I am advocating that as a matter of policy enabling
> redirects not be a default-on policy.  If people want to hang themselves
> that's their problem, but at least they won't come with a hidden noose
> around their neck.

yes, that was my point as well.
-chris

> - Jared
>

