BCP38 considerations in IPv6
- Subject: BCP38 considerations in IPv6
- From: marka at isc.org (Mark Andrews)
- Date: Fri, 11 Feb 2011 08:50:46 +1100
- In-reply-to: Your message of "Thu, 10 Feb 2011 16:34:04 CDT." <[email protected]>
- References: <[email protected]>
In message <acd7c570039e58b67bbf64e467f4b12b at 192.168.152.50>, Ryan Rawdon writes:
>
> Hello NANOGers -
>
> What considerations should be made with respect to implementing egress
> filtering based on source IPv6 addresses? Things like allowing traffic
> sourced from fe80::/10 in said filters for on-link communication (for the
> interface that the filter is applied to). Is there anything else that
> should be taken into account while implementing BCP38 egress filtering in
> IPv6?
>
> Ryan
You should definitely make sure you block ULA prefixes leaving your
site by default.
e.g.
add unreach admin all from any to fc00::/7 via gif0
add unreach admin all from fc00::/7 to any via gif0
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
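
An added example, not part of the original message: a Python model of the egress decision discussed in this thread, with ULA (fc00::/7) denied in both directions and fe80::/10 permitted only for on-link traffic, extended to the general BCP38 source check. The site prefix 2001:db8:1234::/48, the function name and the sample addresses are assumptions made for illustration.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")          # unique local addresses
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")  # link-local unicast
LINK_MCAST = ipaddress.IPv6Network("ff02::/16")  # link-local scope multicast
# Assumption: the site's delegated prefix (taken from the documentation range).
SITE_PREFIX = ipaddress.IPv6Network("2001:db8:1234::/48")


def egress_verdict(src, dst, site_prefix=SITE_PREFIX):
    """Decide what an egress filter on the external interface does with a packet.

    Returns (action, reason), where action is "permit" or "deny".
    """
    s = ipaddress.IPv6Address(src)
    d = ipaddress.IPv6Address(dst)
    on_link_dst = d in LINK_LOCAL or d in LINK_MCAST

    # Link-local sources, and the unspecified source used by duplicate
    # address detection, are valid only for on-link traffic.
    if s in LINK_LOCAL or s.is_unspecified:
        if on_link_dst:
            return ("permit", "on-link traffic")
        return ("deny", "link-scoped source to off-link destination")
    # ULA must not leave the site, as source or as destination.
    if s in ULA or d in ULA:
        return ("deny", "ULA crossing the site boundary")
    # BCP38: everything else must carry a source from the site's own prefix.
    if s not in site_prefix:
        return ("deny", "source outside the site prefix")
    return ("permit", "source within the site prefix")


if __name__ == "__main__":
    # Constructed sample packets (src, dst); not taken from any capture.
    samples = [
        ("2001:db8:1234:1::10", "2001:db8:ffff::1"),
        ("fd12:3456:789a::1", "2001:db8:ffff::1"),
        ("2001:db8:1234:1::10", "fd00::1"),
        ("fe80::1", "ff02::1"),
        ("fe80::1", "2001:db8:ffff::1"),
        ("2001:db8:9999::1", "2001:db8:ffff::1"),
    ]
    for src, dst in samples:
        action, reason = egress_verdict(src, dst)
        print(f"{action:6} {src} -> {dst} ({reason})")
```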