On Fri, Aug 20, 2010 at 4:03 PM, Jared Mauch <ja...@puck.nether.net> wrote:
>
> On Aug 20, 2010, at 3:56 PM, Butch Evans wrote:
>
>> On Fri, 2010-08-20 at 13:20 -0400, Christopher Morrow wrote:
>>> Polling a little bit here, there's an active discussion going on
>>> 6...@ietf about whether or not v6 routers should:
>>> o be required to implement ip redirect functions (icmpv6 redirect)
>>> o be sending these by default
>>
>> I do not currently have an IPv6 deployment, so my input may be lacking
>> in real usefulness here. With IPv4, however, I have been a little
>> irritated at a few situations where I NEEDED this to work and it did not
>> (certain PIX routers come to mind here). There are risks involved with
>> ANY "automated" type traffic to be sure, but for my money, it SHOULD be
>> possible to configure every router to support the network needs. So for
>> my money, I'd suggest:
>>
>> * routers MUST support ip redirect
>> * "default" configurations irrelevant to me
>>
>> I do agree with one or two of the other posters that it should not be
>> within the purview of the IETF to "mandate" these defaults. Each of us
>> will learn the defaults of the particular gear we use and can adjust
>> config templates to match, given the needs of the network we are
>> deploying. Just my $0.02 (may be worth less than that) :-)
>
> One of the challenges is that some vendors have a poor track-record of
> documenting these defaults. this means unless you frequently sample

and changing them... so, picking a good default I think is important.
You'd prefer less config headaches I bet vs having to constantly hack
templates?

> your network traffic, you may not see your device sending decnet mop
> messages, or ipv6 redirects :)
>
> Personally (and as the instigator in the ipv6/6man discussion) if the

yes thanks! :) (just following a path as requested by another 6man person)

> vendors could be trusted to expose their default settings in their
> configs, i would find a default of ON to be more acceptable. As their
> track-record is poor, and the harm has been realized in the network we
> operate (at least), I am advocating that as a matter of policy enabling
> redirects not be a default-on policy. If people want to hang themselves
> that's their problem, but at least they won't come with a hidden noose
> around their neck.

yes, that was my point as well.

-chris

> - Jared
>