5) easier said than done as uRPF checks are done solely at layer-3 and nobody wants to send rejected packets to the route processor, don't we?
-----Original Message----- From: ipv6-wg-admin@ripe.net [mailto:ipv6-wg-admin@ripe.net] On Behalf Of Gert Doering Sent: lundi 25 juillet 2011 05:43 To: Sander Steffann Cc: Christian Seitz; ipv6-wg@ripe.net Subject: Re: [ipv6-wg] not announcing IXP IPv6 peering lan prefixes in global BGP table possibly breaks PMTUD
Hi,
On Mon, Jul 25, 2011 at 11:37:05AM +0200, Sander Steffann wrote:
5) ?
Adapt uRPF so that it does't filter ICMP error messages. Whether this is useful depends on how much ICMP error messages with unreachable source addresses we expect to see? When people/organizations start to use ULA addresses it might be more than we see now.
Indeed this sounds like a good "option #5".
Christian, can your gear do IPv6-uRPF-with-permit-ACLs in Hardware?
(My gear can only do IPv6-uRPF in software, no matter what options I use, so we currently filter by ACL)
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279