[128962] in North American Network Operators' Group
Re: Should routers send redirects by default?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Sat Aug 21 10:27:12 2010
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <AANLkTimDsiJ5EBtBzzUs7Uy5kmTzNfMSrBmBeA+iQPJ1@mail.gmail.com>
Date: Sat, 21 Aug 2010 10:26:59 -0400
To: Yann GAUTERON <yann.gauteron@gmail.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Aug 21, 2010, at 2:11 AM, Yann GAUTERON wrote:
>
> 2010/8/20 Jared Mauch <jared@puck.nether.net>
>
> Personally (and as the instigator in the ipv6/6man discussion) if the
> vendors could be trusted to expose their default settings in their
> configs, I would find a default of ON to be more acceptable. As their
> track-record is poor, and the harm has been realized in the network we
> operate (at least), I am advocating that as a matter of policy enabling
> redirects not be a default-on policy. If people want to hang themselves
> that's their problem, but at least they won't come with a hidden noose
> around their neck.
>
> On Cisco routers (at least some of them), have you tried the command
> show running-config all
>
> This command displays all configuration, including hidden default values.
>
> This may help when this command is present.
>
> Don't know about other vendors.
This varies by IOS (software revision), because not all devices
actually have access to this "mainline" feature set due to when they
branched for their localized hardware support.

I certainly wish they could get there now, and it's better in the newer
access (CPE) hardware. While related, the larger problem IMHO is them
removing stuff like "show parser dump exec" and "show parser dump config".

I have been a supporter of exposed defaults for years, including "more secure"
and "more robust" defaults. The folks on the IETF list seem to think
that the existing rate-limit mechanics will protect the routers. We did not
arrive at these settings as a result of those rate-limits working properly,
sadly.
- Jared
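The practical check the thread points at (dump the effective configuration with "show running-config all", then find every interface on which ICMP redirects are still on) can be scripted. The following is an added example written for this page, not code from either poster or from Cisco; it assumes the IOS convention that "show running-config all" prints the effective per-interface state as either "ip redirects" or "no ip redirects" (plain "show running-config" hides the enabled default), and the configuration text it parses is a constructed sample, not a real device dump.

```python
"""Audit a Cisco IOS 'show running-config all' dump for ICMP redirects.

Added example, not code from the NANOG thread. Assumption: with
'show running-config all' IOS prints the effective per-interface setting
as 'ip redirects' or 'no ip redirects'. The SAMPLE_CONFIG below is
constructed for this example and does not come from any real router.
"""
from typing import Dict, List, Optional

# Constructed sample of 'show running-config all' output (not a real device).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/0
 description uplink
 ip address 192.0.2.1 255.255.255.252
 ip redirects
 no ip proxy-arp
!
interface GigabitEthernet0/1
 description customer-lan
 ip address 198.51.100.1 255.255.255.0
 no ip redirects
!
interface Loopback0
 ip address 203.0.113.1 255.255.255.255
 ip redirects
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Map each 'interface X' stanza name to its indented command lines."""
    interfaces: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # '!' or a top-level command ends the stanza
    return interfaces


def redirect_state(lines: List[str]) -> bool:
    """True if ICMP redirects are effectively on for this interface.

    The last 'ip redirects' / 'no ip redirects' line wins. If neither
    appears (e.g. the dump came from plain 'show running-config', which
    hides defaults), assume the IOS default, which is enabled: that is
    exactly the hidden default the thread complains about.
    """
    state = True
    for line in lines:
        if line == "no ip redirects":
            state = False
        elif line == "ip redirects":
            state = True
    return state


def interfaces_sending_redirects(config: str) -> List[str]:
    """Sorted names of interfaces whose effective state still sends redirects."""
    return sorted(
        name
        for name, lines in parse_interfaces(config).items()
        if redirect_state(lines)
    )


def hardening_config(config: str) -> str:
    """Emit the IOS lines that turn redirects off wherever they are on."""
    out: List[str] = []
    for name in interfaces_sending_redirects(config):
        out.append(f"interface {name}")
        out.append(" no ip redirects")
    return "\n".join(out)


if __name__ == "__main__":
    print("Interfaces with ICMP redirects enabled:")
    for name in interfaces_sending_redirects(SAMPLE_CONFIG):
        print("  ", name)
    print(hardening_config(SAMPLE_CONFIG))
```

Because the default is assumed to be enabled when no redirect line is present at all, running the audit over a plain "show running-config" dump flags every interface that does not carry an explicit "no ip redirects"; that is the conservative reading of a config that hides its defaults, and matches the behaviour the thread is arguing about.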