[194589] in North American Network Operators' Group


Re: BCP for securing IPv6 Linux end node in AWS

daemon@ATHENA.MIT.EDU (Rich Kulawiec)
Mon May 15 06:57:13 2017

X-Original-To: nanog@nanog.org
Date: Mon, 15 May 2017 06:57:09 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: nanog list <nanog@nanog.org>
In-Reply-To: <30DE8DBE-D609-492C-A0F6-E65543AD0BC9@semperen.com>
Errors-To: nanog-bounces@nanog.org

On Sun, May 14, 2017 at 09:29:45AM -0400, Eric Germann wrote:
> I've reviewed some of the stuff out there, but apparently I'm
> catching too many of the ICMP types in the rejection as routing eventually
> breaks.  My guess is router discovery gets broken by too tight of filters.

That's a good guess, but I would also guess that path MTU discovery
may be breaking.  (Or not.)  I think you may want to implement RFC 4890,
with a look at RFC 4443.

---rsk
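
An added example, not part of the thread or written by either poster: inbound ICMPv6 rules for a Linux end host, following the local-traffic recommendations in RFC 4890 section 4.4 that the reply points to. The script only prints ip6tables commands; the chain name `ICMPV6-IN` and the final default drop for types the RFC leaves to local policy are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) ip6tables rules for ICMPv6
# addressed to this host. Review the output, then pipe it to sh as root.
CHAIN="${CHAIN:-ICMPV6-IN}"   # hypothetical chain name

# Print one ACCEPT rule for the given match options.
emit() { printf 'ip6tables -A %s -p icmpv6 %s -j ACCEPT\n' "$CHAIN" "$*"; }

rfc4890_host_rules() {
    printf 'ip6tables -N %s\n' "$CHAIN"

    # Error messages. Type 2 (Packet Too Big) is what path MTU discovery
    # depends on; type 1 is Destination Unreachable.
    emit "--icmpv6-type 1"
    emit "--icmpv6-type 2"
    # Time Exceeded (3) and Parameter Problem (4), listed per code.
    for tc in 3/0 3/1 4/0 4/1 4/2; do emit "--icmpv6-type $tc"; done

    # Echo Request / Echo Reply.
    emit "--icmpv6-type 128"
    emit "--icmpv6-type 129"

    # Neighbor Discovery (RS, RA, NS, NA) and Inverse ND. These are sent
    # with hop limit 255, so a packet that crossed a router does not match.
    for t in 133 134 135 136 141 142; do
        emit "--icmpv6-type $t -m hl --hl-eq 255"
    done

    # MLD listener query/report/done and MLDv2 report, link-local source.
    for t in 130 131 132 143; do
        emit "-s fe80::/10 --icmpv6-type $t"
    done

    # SEND certificate path (148, 149) and multicast router discovery
    # (151-153).
    for t in 148 149 151 152 153; do emit "--icmpv6-type $t"; done

    # Assumption: everything else (redirects, node information queries,
    # unallocated types) is dropped as this host's local policy.
    printf 'ip6tables -A %s -p icmpv6 -j DROP\n' "$CHAIN"
    printf 'ip6tables -I INPUT -p icmpv6 -j %s\n' "$CHAIN"
}

rfc4890_host_rules
```

Filters that drop types 133 to 136 break router and neighbor discovery, and filters that drop type 2 break path MTU discovery, which are the two failure modes guessed at in the messages above.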
