The following errata report has been submitted for RFC6192, "Protecting the Router Control Plane".
-------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6192&eid=4705 -------------------------------------- Type: Technical Reported by: Trond Endrestøl <[email protected]> Section: A.1 Original Text ------------- ipv6 access-list EBGPv6 permit tcp host 2001:DB8:100::25 eq bgp any permit tcp host 2001:DB8:100::25 any eq bgp permit tcp host 2001:DB8:100::27 eq bgp any permit tcp host 2001:DB8:100::27 any eq bgp permit tcp host 2001:DB8:100::29 eq bgp any permit tcp host 2001:DB8:100::29 any eq bgp permit tcp host 2001:DB8:100::31 eq bgp any permit tcp host 2001:DB8:100::31 any eq bgp ip access-list extended DNS permit udp 198.51.100.0 0.0.0.252 eq domain any ipv6 access-list DNSv6 permit udp 2001:DB8:100:1::/64 eq domain any permit tcp 2001:DB8:100:1::/64 eq domain any ip access-list extended NTP Corrected Text -------------- ipv6 access-list EBGPv6 permit tcp host 2001:DB8:100::25 eq bgp any permit tcp host 2001:DB8:100::25 any eq bgp permit tcp host 2001:DB8:100::27 eq bgp any permit tcp host 2001:DB8:100::27 any eq bgp permit tcp host 2001:DB8:100::29 eq bgp any permit tcp host 2001:DB8:100::29 any eq bgp permit tcp host 2001:DB8:100::31 eq bgp any permit tcp host 2001:DB8:100::31 any eq bgp ip access-list extended DNS permit udp 198.51.100.0 0.0.0.252 eq domain any permit tcp 198.51.100.0 0.0.0.252 eq domain any ipv6 access-list DNSv6 permit udp 2001:DB8:100:1::/64 eq domain any permit tcp 2001:DB8:100:1::/64 eq domain any ip access-list extended NTP Notes ----- DNS is transported sometimes over UDP and sometimes over TCP. The Cisco example fails to demonstrate this behaviour in the case of IPv4. The Cisco example clearly shows this behaviour in the case of IPv6. The Juniper example in Section A.2 should be amended in the same fashion, however I'm unfamiliar with the proper JunOS syntax. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6192 (draft-ietf-opsec-protect-control-plane-06) -------------------------------------- Title : Protecting the Router Control Plane Publication Date : March 2011 Author(s) : D. Dugal, C. Pignataro, R. Dunn Category : INFORMATIONAL Source : Operational Security Capabilities for IP Network Infrastructure Area : Operations and Management Stream : IETF Verifying Party : IESG
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
