[135492] in North American Network Operators' Group
Re: IPv6 filtering
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Wed Jan 26 00:14:50 2011
From: Roland Dobbins <rdobbins@arbor.net>
In-Reply-To: <32507261.286.1296018229100.JavaMail.franck@franck-martins-macbook-pro.local>
Date: Wed, 26 Jan 2011 12:13:26 +0700
To: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 26, 2011, at 12:03 PM, Franck Martin wrote:
> Ok filtering ipv6 and ipv6-icmp is understood, it is like ipv4.=20
Be advised, ICMPv6 is *not* like ICMP in IPv4, and knowing what can be =
filtered, what to filter, and where to filter it is considerably more =
complex than in IPv4 - which, given the prevalence of broken PMTU-D =
alone, is apparently not well-understood in many quarters, heh.
------------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.
-- Alan Kay
