On Fri, 22 Jun 2012 08:38:04 -0500, Simon Perreault
<simon.perrea...@viagenie.ca> wrote:
This is ridiculous. You should be allocating all your PtP links out of a
single prefix protected by an ACL at your border. All packets to the PtP
prefix need to be dropped. You should be doing this no matter the size
of your PtP links. The attack is impossible with good operational
practices.
If I was building from the ground up I might be inclined to agree, but if
you're adding IPv6 to an existing infrastructure it isn't always that
feasible. We have many physical locations and many borders. Not every
border consists of equipment that could properly ACL this, and an ISP
can't just throw firewalls on the edges of their network.
