On Jan 10, 2011, at 5:56 AM, Tim Chown wrote:

> On 7 Jan 2011, at 15:12, Justin M. Streiner wrote:
>
>> On Thu, 6 Jan 2011, Jeff Wheeler wrote:
>>
>>> On Thu, Jan 6, 2011 at 8:47 PM, Owen DeLong <o...@delong.com> wrote:
>>>> 1. Block packets destined for your point-to-point links at your
>>>> borders. There's no legitimate reason someone should be
>>>
>>> Most networks do not do this today. Whether or not that is wise is
>>> questionable, but I don't think those networks want NDP to be the
>>> reason they choose to make this change.
>>
>> Correct me if I'm wrong, but wouldn't blocking all traffic destined for your
>> infrastructure at the borders also play havoc with PMTUD? Limiting the
>> traffic allowed to just the necessary types would seem like a reasonable
>> alternative.
>
> Recommendations for PMTUD-friendly filtering are described in RFC 4890.
>
> Tim

Unless my point-to-point links are originating packets to the outside world (they should not be, in general), then I should not expect any PMTU-D responses directed at them. As such, blocking even those packets TO my point-to-point interfaces should not be problematic.

Owen
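
The reasoning in this message, as an added example that is not part of the original thread: an ICMPv6 Packet Too Big message is addressed to the source of the packet that triggered it, so a border filter on the point-to-point prefix only drops one when a point-to-point interface originated that packet. The prefix and all addresses are constructed (documentation space), and the ICMPv6 checksum is left at zero because this filter model never inspects it.

```python
import ipaddress
import struct

# Constructed prefix assumed to hold all point-to-point link addresses.
P2P_PREFIX = ipaddress.ip_network("2001:db8:ffff::/48")
ICMPV6, NO_NEXT_HEADER, PACKET_TOO_BIG = 58, 59, 2

def ipv6_header(src, dst, next_header, payload_len):
    """Build a 40-byte IPv6 header (version 6, hop limit 64)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64)
            + ipaddress.ip_address(src).packed
            + ipaddress.ip_address(dst).packed)

def packet_too_big(router, original, mtu=1280):
    """ICMPv6 type 2 from `router` about `original` (checksum left 0)."""
    # The error is sent to the source address of the invoking packet.
    dst = str(ipaddress.ip_address(original[8:24]))
    body = struct.pack("!BBHI", PACKET_TOO_BIG, 0, 0, mtu) + original
    return ipv6_header(router, dst, ICMPV6, len(body)) + body

def ptb_target(packet):
    """Return (PTB destination, source of the embedded invoking packet)."""
    if packet[6] != ICMPV6 or packet[40] != PACKET_TOO_BIG:
        raise ValueError("not an ICMPv6 Packet Too Big")
    embedded = packet[48:]  # 40-byte IPv6 header + 8-byte ICMPv6 header
    return (ipaddress.ip_address(packet[24:40]),
            ipaddress.ip_address(embedded[8:24]))

def border_verdict(packet):
    """Drop anything addressed to the point-to-point prefix, else forward."""
    dst = ipaddress.ip_address(packet[24:40])
    return "drop" if dst in P2P_PREFIX else "forward"

def demo():
    """Verdicts for PTBs triggered by a customer host and by a p2p link."""
    remote, router = "2001:db8:2::20", "2001:db8:2::1"
    results = {}
    for name, src in (("customer", "2001:db8:1::10"),
                      ("p2p-link", "2001:db8:ffff::1")):
        original = ipv6_header(src, remote, NO_NEXT_HEADER, 0)
        ptb = packet_too_big(router, original)
        results[name] = (str(ptb_target(ptb)[0]), border_verdict(ptb))
    return results

if __name__ == "__main__":
    for name, (dst, verdict) in demo().items():
        print(f"{name}: PTB addressed to {dst} -> {verdict}")
```
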