I fairly do not see what ACL have to do with Passive addresses? They serve completely different goals (and are to some degree ortogonal).
ACls should still be used where ever found usefull. Passive address can be used where deemed usefull for device protection while still allowing limited troubleshooting within the network (traceroute, traps as most important onces). Please feel free to read the draft. G/ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dobbins, Roland Sent: 07 October 2012 12:42 To: opsec wg mailing list Cc: v6ops v6ops WG ([email protected]) Subject: Re: [OPSEC] Passive IP addresses - 2th iteration On Oct 7, 2012, at 5:32 PM, Gunter Van de Velde (gvandeve) wrote: > Edge ACL tend to be wrong after a while (too much operation involved etc...) Operational entropy applies to all forms of policy. > This is just another way to shield the infrastructure. A potentially duplicative, confusing and unnecessary way, IMHO. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
