I noticed some (anti-spoofing) IPv6 filter drops got logged, so I went
to track down the source of the problem.  Annoyingly, the source address
was a link-local address (although the destination addresses were on the
Internet).  I tracked down the source (only because I don't have a lot
of IPv6 traffic yet).

My question is this: why is a packet with a link-local source forwarded
at all?  I have uRPF enabled on the interface, but I guess since
fe80::/64 is considered a valid route for all IPv6 interfaces, uRPF
won't catch that.  Is there any practical way to turn off link-local
forwarding, other than to apply filters to every interface?

Or am I just missing something obvious?

-- 
Chris Adams <[email protected]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
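
Added example, not part of the original post and not Junos code: a simplified Python model of the situation the post describes. It assumes, as the poster guesses, that every IPv6 interface carries a connected fe80::/64 route, and shows that strict uRPF then passes a link-local source while a separate scope check (RFC 4291: routers must not forward packets with a link-local source or destination) drops it. Interface names, prefixes, and function names are constructed for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # RFC 4291 link-local unicast range

# Constructed routing table: (prefix, interface). Assumption from the post:
# each IPv6 interface has its own connected fe80::/64 route.
ROUTES = [
    ("2001:db8:1::/64", "ge-0/0/0"),
    ("fe80::/64", "ge-0/0/0"),
    ("2001:db8:2::/64", "ge-0/0/1"),
    ("fe80::/64", "ge-0/0/1"),
    ("::/0", "ge-0/0/1"),
]

def strict_urpf_pass(src, in_ifname, routes=ROUTES):
    """Strict uRPF: a longest-match route back to src must use the arrival interface."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifname) for p, ifname in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return False
    best = max(net.prefixlen for net, _ in matches)
    return any(ifname == in_ifname for net, ifname in matches
               if net.prefixlen == best)

def forward_decision(src, dst, in_ifname):
    """Return 'forward' or a drop reason; the scope check runs after uRPF."""
    if not strict_urpf_pass(src, in_ifname):
        return "drop:urpf"
    if (ipaddress.ip_address(src) in LINK_LOCAL
            or ipaddress.ip_address(dst) in LINK_LOCAL):
        return "drop:link-local-scope"
    return "forward"

if __name__ == "__main__":
    # Constructed packets: (source, destination, arrival interface)
    for pkt in [("fe80::1", "2001:db8:ffff::1", "ge-0/0/0"),
                ("2001:db8:1::10", "2001:db8:ffff::1", "ge-0/0/0"),
                ("2001:db8:2::5", "2001:db8:ffff::1", "ge-0/0/0")]:
        print(pkt, "->", forward_decision(*pkt))
```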
