Hi On Fri 17. May 2024 at 13.05, Daniel Verlouw <[email protected]> wrote:
> Hi, > > On Thu, May 16, 2024 at 8:22 PM Antti Ristimäki via juniper-nsp > <[email protected]> wrote: > > I thought this issue had been resolved already years ago, but I > > noticed that JunOS still happily forwards IPv6 packets with link-local > > source address towards remote destinations. This of course violates > > RFC4291. Also recent JunOS releases seem broken, tested with e.g. 21.4 > > and 23.2. > > on MX: > set forwarding-options family inet6 source-checking > > refer to: > https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/source-checking-edit-forwarding-options.html > Thank you for a pointer, i had somehow missed the existence of such knob. I accidentally replied Ytti unicast, so also to the list that yes, ND packets can be filtered by matching relevant icmpv6 types and HL=255, but nevertheless I’m pretty sure that a lot of people come surprised that by default link-local sourced packets are forwarded outside the link and it is not evident to all which hop limit different packets are specified to use. Antti _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
