[134769] in North American Network Operators' Group


Re: NIST IPv6 document

daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Jan 10 18:08:47 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <EMEW3|0ba540fb648edde02e3488297e052778n09DuW03tjc|ecs.soton.ac.uk|0B19C108-2B18-43E5-A4CF-9AFD421F4206@ecs.soton.ac.uk>
Date: Mon, 10 Jan 2011 15:04:23 -0800
To: Tim Chown <tjc@ecs.soton.ac.uk>
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 10, 2011, at 5:56 AM, Tim Chown wrote:

>
> On 7 Jan 2011, at 15:12, Justin M. Streiner wrote:
>
>> On Thu, 6 Jan 2011, Jeff Wheeler wrote:
>>
>>> On Thu, Jan 6, 2011 at 8:47 PM, Owen DeLong <owen@delong.com> wrote:
>>>> 1.      Block packets destined for your point-to-point links at your
>>>>       borders. There's no legitimate reason someone should be
>>>
>>> Most networks do not do this today.  Whether or not that is wise is
>>> questionable, but I don't think those networks want NDP to be the
>>> reason they choose to make this change.
>>
>> Correct me if I'm wrong, but wouldn't blocking all traffic destined for your infrastructure at the borders also play havoc with PMTUD?  Limiting the traffic allowed to just the necessary types would seem like a reasonable alternative.
>
> Recommendations for PMTUD-friendly filtering are described in RFC 4890.
>
> Tim

Unless my point-to-point links are originating packets to the outside world
(they should not be, in general), then I should not expect any PMTU-D
responses directed at them.

As such, blocking even those packets TO my point-to-point interfaces
should not be problematic.

Owen
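
Added example, not part of the original message: a small Python model of the argument above, which audits outbound flows to find any that would lose their ICMPv6 Packet Too Big replies if the border drops everything destined to point-to-point link addresses. All prefixes, addresses and function names are constructed for illustration (RFC 3849 documentation space).

```python
import ipaddress

# Constructed documentation prefix (assumption): all point-to-point links
# are numbered out of one block that the border ACL can match.
P2P_LINKS = [ipaddress.ip_network("2001:db8:ffff::/48")]


def is_p2p(addr):
    """True if addr falls inside the point-to-point link space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in P2P_LINKS)


def border_permits(dst):
    """Inbound border rule from the thread: drop anything destined to a link."""
    return not is_p2p(dst)


def pmtud_outcome(flow_src):
    """A router on the path that cannot forward a large packet sends
    ICMPv6 type 2 (Packet Too Big) to the flow's source address.
    PMTUD works only if the border lets that reply back in."""
    return "ok" if border_permits(flow_src) else "blackholed"


def flows_at_risk(flows):
    """Outbound (src, dst) flows whose Packet Too Big replies would be dropped."""
    return [f for f in flows if pmtud_outcome(f[0]) == "blackholed"]


# Constructed sample of outbound flows seen at the border.
FLOWS = [
    ("2001:db8:1:10::25", "2001:db8:a::1"),     # customer host -> outside
    ("2001:db8:0:1::1", "2001:db8:a::53"),      # router loopback -> outside
    ("2001:db8:ffff:3::1", "2001:db8:b::179"),  # sourced from a link address
]

if __name__ == "__main__":
    for src, dst in flows_at_risk(FLOWS):
        print(f"PMTUD would break: {src} -> {dst} (source is a p2p link address)")
```

An empty result from `flows_at_risk` on real flow records means the filter costs nothing for PMTUD; any hit is a flow to re-source from a loopback or exempt before deploying the filter.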


