Dear WG,

I woke up with one idea and I would like to challenge it.
In IPv6, every device receives a routable address. To protect
endpoints effectively, we require firewalls to filter unwanted
traffic.
But what if we could stop such traffic at the source? Could this
approach convince more people to adopt IPv6?

According to RFC 7381: “In a /48 assignment, typical for a site, there
are then still 65,535 /64 blocks.” and “All user access networks
should be a /64.”

Can we then use bit 63 to convey a message: “I don’t want any incoming
traffic initiated towards me!!!”? Of course a response would be
accepted.

We could divide the /64 allocations into two groups: one for servers,
and these accept incoming traffic (bit 63 = 0):

for example 2001:0db8:0000:0000::/64

And the second group: endpoints, these never accept incoming traffic
(bit 63 = 1):

for example 2001:0db8:0000:0001::/64

We only need all systems to understand the message. If a router or
firewall sees such a packet, then it drops it.
Every TCP packet with the SYN flag, where the destination address (IPv6) has
bit 63 equal to 1, must be dropped.

Would it be theoretically possible?

Best regards

Hubert Wisniewski
_______________________________________________
6lo mailing list
6lo@ietf.org
https://www.ietf.org/mailman/listinfo/6lo
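
The rule proposed in the message above, written out as a stateless filter check; this is an added example, not code from the original post. Assumptions: the function names are hypothetical, TCP directly follows the fixed IPv6 header (no extension headers), and "a response would be accepted" is read as letting SYN+ACK through, so only a SYN without ACK is dropped.

```python
import ipaddress
import struct

TCP = 6                  # IPv6 Next Header value for TCP
SYN, ACK = 0x02, 0x10    # TCP flag bits


def no_inbound_bit(addr: str) -> bool:
    """Bit 63 in the post's numbering: the last bit of the /64 prefix."""
    return bool((int(ipaddress.IPv6Address(addr)) >> 64) & 1)


def verdict(packet: bytes) -> str:
    """Return 'drop' or 'accept' for a raw IPv6 packet under the proposed rule."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"                        # not a complete IPv6 header
    if packet[6] != TCP:
        return "accept"                      # the proposal only covers TCP
    if len(packet) < 40 + 20:
        return "drop"                        # truncated TCP header
    dst = str(ipaddress.IPv6Address(packet[24:40]))
    flags = packet[40 + 13]
    # Initial SYN only: SYN+ACK answers a connection the endpoint opened itself.
    if no_inbound_bit(dst) and flags & SYN and not flags & ACK:
        return "drop"
    return "accept"


def build(src: str, dst: str, flags: int) -> bytes:
    """Constructed sample: fixed IPv6 header plus a minimal 20-byte TCP header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 5 << 4, flags, 65535, 0, 0)
    hdr = struct.pack("!IHBB", 6 << 28, len(tcp), TCP, 64)
    return (hdr + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + tcp)


if __name__ == "__main__":
    peer = "2001:db8:ffff::1"                # constructed documentation address
    for dst, flags in [("2001:db8:0:1::10", SYN),
                       ("2001:db8:0:1::10", SYN | ACK),
                       ("2001:db8:0:0::10", SYN)]:
        print(dst, hex(flags), verdict(build(peer, dst, flags)))
```

Because the check is stateless and looks only at TCP flags, UDP and other protocols towards a "bit 63 = 1" prefix pass through unchanged.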
