[134609] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Jan 7 17:17:23 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <Pine.LNX.4.64.1101071005580.31363@whammy.cluebyfour.org>
Date: Fri, 7 Jan 2011 14:15:59 -0800
To: "Justin M. Streiner" <streiner@cluebyfour.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 7, 2011, at 7:12 AM, Justin M. Streiner wrote:
> On Thu, 6 Jan 2011, Jeff Wheeler wrote:
>=20
>> On Thu, Jan 6, 2011 at 8:47 PM, Owen DeLong <owen@delong.com> wrote:
>>> 1. Block packets destined for your point-to-point links at your
>>> borders. There's no legitimate reason someone should be
>>=20
>> Most networks do not do this today. Whether or not that is wise is
>> questionable, but I don't think those networks want NDP to be the
>> reason they choose to make this change.
>=20
> Correct me if I'm wrong, but wouldn't blocking all traffic destined =
for your infrastructure at the borders also play havoc with PTMUD? =
Limiting the traffic allowed to just the necessary types would seem like =
a reasonable alternative.
>=20
> jms
It would only play havoc if your infrastructure is originating packets =
destined
to the outside world from it's link addresses.
Generally this shouldn't happen.
Remember, I'm only blocking traffic TO the point-to-point LINK networks.
Not to the servers, loopbacks, etc.
Owen
