I am not saying otherwise. as
Sent from my mobile device (please excuse typos and brevity) On 24 Nov 2011, at 08:56, Cameron Byrne <[email protected]> wrote: > > On Nov 24, 2011 1:36 AM, "Arturo Servin" <[email protected]> wrote: > > > > > > <snip> > > > > On 24 Nov 2011, at 07:20, Eugen Leitl wrote: > > > >> as the > >> fc00::/7 addresses will not be routed beyond that, correct? > > > > <snip> > > > > Incorrect or not necessary. > > > > No > > > ULAs are just as any other unicast addresses. As technical community we had > > agreed to not route it in the internet, but If you leak it and somebody > > else routes it, you are fried. > > > > No, this rfc defined behavior. Please check your facts. > > It is the same situation as rfc 1918 leaking. Saying that it is in any way > different from rfc 1918 is misleading people. Ula is not in the dfz and if > it got leaked it would be fixed , just like 10/8. > > Both ula and rfc 1918 should be part of any inter domain ingress and egress > filtering. > > If you want to keep pushing that there is an operational difference from a > routing policy perspective, cite some facts > > From rfc 4193 > > Site border routers and firewalls should be configured to not forward any > packets with Local IPv6 source or destination addresses outside of the site, > unless they have been explicitly configured with routing information about > specific /48 or longer Local IPv6 prefixes. This will ensure that packets > with Local IPv6 destination addresses will not be forwarded outside of the > site via a default route. The default behavior of these devices should be to > install a "reject" route for these prefixes. > ..... And...... > > > If BGP is being used at the site border with an ISP, the default BGP > configuration must filter out any Local IPv6 address prefixes, both incoming > and outgoing. It must be set both to keep any Local IPv6 address prefixes > from being advertised outside of the site as well as to keep these prefixes > from being learned from another site > Cb > > /as > > > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
