[171114] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (William Herrin)
Fri Apr 18 14:21:14 2014
In-Reply-To: <53516999.5080605@per.reau.lt>
From: William Herrin <bill@herrin.us>
Date: Fri, 18 Apr 2014 14:20:20 -0400
To: Simon Perreault <simon@per.reau.lt>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Apr 18, 2014 at 2:06 PM, Simon Perreault <simon@per.reau.lt> wrote:
> IMHO, what the IETF can do is recommend a set of behavioural traits that
> make IPv6 firewalls behave like good citizens in the Internet ecosystem.
> Meaning that a firewall that obeys those requirements will not break the
> Internet. For example, passing ICMPv6 Too Big messages is important to
> not break the Internet.
That would either be a very short document or a document so
ideologically loaded that it has no technical utility. The Internet is
pretty resilient. There isn't much a firewall can do to break it.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
