[152372] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: JUNOS forwards IPv6 link-local packets

daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Apr 27 10:40:28 2012

Date: Fri, 27 Apr 2012 09:39:47 -0500
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
In-Reply-To: <20120427142607.GB29251@hiwaay.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 4/27/2012 9:26 AM, Chris Adams wrote:
> I don't think that will work, because there's an automatic direct 
> route for fe80::/64 to all interfaces with family inet6 configured. 
> The only way I see around it is to apply a firewall filter to all IPv6 
> interfaces that blocks anything with a source in fe80::/64 and 
> destination _not_ in fe80::/64. 

fe80::/65 discard
fe80:0:0:0:8000::/65 discard

More specifics rule out over connected any day.


Jack


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[152372] in North American Network Operators' Group

Re: JUNOS forwards IPv6 link-local packets

daemon@ATHENA.MIT.EDU (Jack Bates)Fri Apr 27 10:40:28 2012

daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Apr 27 10:40:28 2012