On 7. May 2012, at 12:56 , William Herrin wrote:

> I vote for the Cisco approach. It has occasionally quirky results but
> it's also flexible enough to handle situations the protocol designers
> didn't conceive of.

Isn't it a simple scope violation in IPv6 and thus a bug and with that
end of story?
I mean the check isn't even overly expensive in this case... and I can't
see how much meaningful other than unicast traffic passing a gateway you
could do this way anyway.  At worst someone sends a small packet and you
get a huge reply to a local node that didn't ask for it, keeping your
switches and two random machines busy or generating a bit of ND noise,
or ...

19:12:31.257674 02:00:00:00:08:0b > 02:00:00:00:07:0a, ethertype IPv6 (0x86dd), length 70: (hlim 64, next-header ICMPv6 (58) payload length: 16) fe80::ff:fe00:80b > 2001:db8::1: [icmp6 sum ok] ICMP6, echo request, seq 12
19:12:31.257817 02:00:00:00:07:0a > 02:00:00:00:08:0b, ethertype IPv6 (0x86dd), length 118: (hlim 64, next-header ICMPv6 (58) payload length: 64) fe80::ff:fe00:70a > fe80::ff:fe00:80b: [icmp6 sum ok] ICMP6, destination unreachable, beyond scope 2001:db8::1, source address fe80::ff:fe00:80b

I actually tried to see if I could cross the atlantic with such a packet,
only to find that I didn't have an exit gateway showing this bug. Oh well,
I am safe.


/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!
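
The scope check discussed in this message, sketched as an added example that is not part of the original mail or of any router's code. It follows the RFC 4007 forwarding rule and the RFC 4443 "beyond scope of source address" error seen in the capture; the interface names `em0`/`em1` and the one-link-per-interface model are assumptions.

```python
import ipaddress

LINK_LOCAL, GLOBAL = 0x2, 0xE      # scope values as used in RFC 4007
ICMP6_DST_UNREACH = 1              # RFC 4443 type: destination unreachable
ICMP6_BEYOND_SCOPE = 2             # RFC 4443 code: beyond scope of source address


def addr_scope(addr):
    """Return the scope of an IPv6 address, or None for the unspecified address."""
    a = ipaddress.IPv6Address(addr)
    if a.is_unspecified:
        return None
    if a.is_multicast:
        return (int(a) >> 112) & 0xF   # 4-bit scop field in the first 16 bits
    if a.is_link_local or a.is_loopback:
        return LINK_LOCAL
    return GLOBAL                      # deprecated site-local is treated as global here


def forward_decision(src, dst, in_if, out_if):
    """Decide what a router does with a packet received on in_if and routed to out_if.

    Assumption: every interface sits on its own link, so leaving through a
    different interface means leaving the link-local zone of arrival.
    """
    src_scope, dst_scope = addr_scope(src), addr_scope(dst)
    if src_scope is None or dst_scope is None:
        return ("drop", None)          # unspecified addresses are never forwarded
    if in_if == out_if:
        return ("forward", None)       # packet stays inside the zone it arrived in
    if dst_scope <= LINK_LOCAL:
        return ("drop", None)          # destination is not reachable outside its zone
    if src_scope <= LINK_LOCAL:
        # Source zone would be left: answer with the error shown in the capture.
        return ("icmp6-error", (ICMP6_DST_UNREACH, ICMP6_BEYOND_SCOPE))
    return ("forward", None)


if __name__ == "__main__":
    # Constructed inputs; the first one uses the addresses from the capture above.
    for src, dst in [("fe80::ff:fe00:80b", "2001:db8::1"),
                     ("2001:db8:1::10", "2001:db8::1")]:
        print(src, "->", dst, forward_decision(src, dst, "em0", "em1"))
```
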

