----- Original Message ----- > From: "Jimmy Hess" <[email protected]>
> On 4/1/13, Jay Ashworth <[email protected]> wrote: > >> It would just be way too much luck and convenience for that to > >> happen > >> by coincidence. > > > > Once in a while, you win. > > The trouble with winning by coincidence or winning as a side-effect... > Do you keep winning? Depends on how you won. > What happens with IPv6 CPE devices, when there is no NAT? Well, that's going to be an interesting question in general: will v6 edge routers a) exist, b) handle the addressing, c) handle DHCP, d) actually not do NAT, or e) NAT a v4 home network to a v6 address/network? > No translation occurs, so possibly rogue source IP packets get > through, unless the device specifically applies uRPF or clamping > source addresses to the LAN interface subnet. > > It would be nice if the RFCs specified Ingress filtering by default in > router requirements for IPv4 and IPv6, as a MUST requirement; instead > of some 2nd class citizen, optional best practices document. Nah. That's *not* ingress filtering, for all practical purposes; it's *egress* filtering -- filtering that's under control of the network operating entity, and thus semi-useless for the purposes at hand. (On re-reading that, I see I'm not entirely clear: any filtering has to be done on the upsptream end of the link, so that it is *not* in control of the entity which might be originating the bad packets; John Carmack illustrated why in his piece about Quake cheating. What; you haven't read that piece? And you run networks? :-) Cheers, -- jra Cheers, -- jra -- Jay R. Ashworth Baylink [email protected] Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
