On Thu, 21 Nov 2002, Michel Py wrote: > > Bob Hinden wrote: > > Another router issue that gets talked around is should > > packets with site-local destination be forwarded to > > "default". Given that site-local addresses are not > > created without being configured, one approach could be > > to have a "black hole" route for FEC0::/10 preconfigured > > in all routers.
For site-locals this seems like the only sane policy: 1) expect that someone will very probably filter them if you send them out of the site 2) expect that site-local packets will arrive at your site from outside "trust no one" is an absolute requirement. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
