On 30 May 2013, at 07:23, Jeroen Massar <[email protected]> wrote: > On 2013-05-29 23:19, Eric Vyncke (evyncke) wrote: >> I do not mind too much getting packets with a ULA as source address; >> not perfect but I can live with those packets > > Hmm, you say till the day you receive a 100G of spoofed packets... and > that is what they are as nobody is able to claim they "own" those prefixes.
Would be interesting to see how much IPv6 traffic hits the DNS roots from link-local or ULA sources. Anyone have any info? >> (BTW, my own >> residential firewall at home drops all packets whose source is not in >> 2000::/3 and it drops/logs a couple of ULA per week...). > > Just showing that quite a few networks are not doing uRPF. I think last year's Arbor survey showed this at 55% implementation, but IPv6 was not included iirc. >> But, being able to receive those packets with an invalid source, this >> is what really matters: no BCP 38 implemented between you and the >> ULA. BAD BAD... > > Fully agree, hence why I raised this on the list as a great example why > people should check for BCP38 and also require that from their peers and > transits (bit trickier for those folks typically, but theoretically also > doable for variances of doable). Indeed. Including doing so in the wide variety of transition/tunnelling methods out there. Tim
