On Jan 10, 2011, at 5:56 AM, Tim Chown wrote:

> 
> On 7 Jan 2011, at 15:12, Justin M. Streiner wrote:
> 
>> On Thu, 6 Jan 2011, Jeff Wheeler wrote:
>> 
>>> On Thu, Jan 6, 2011 at 8:47 PM, Owen DeLong <o...@delong.com> wrote:
>>>> 1.      Block packets destined for your point-to-point links at your
>>>>       borders. There's no legitimate reason someone should be
>>> 
>>> Most networks do not do this today.  Whether or not that is wise is
>>> questionable, but I don't think those networks want NDP to be the
>>> reason they choose to make this change.
>> 
>> Correct me if I'm wrong, but wouldn't blocking all traffic destined for your 
>> infrastructure at the borders also play havoc with PMTUD?  Limiting the
>> traffic allowed to just the necessary types would seem like a reasonable 
>> alternative.
> 
> Recommendations for PMTUD-friendly filtering are described in RFC 4890.
> 
> Tim

Unless my point-to-point links are originating packets to the outside world
(they should not be, in general), then I should not expect any PMTU-D
responses directed at them.

As such, blocking even those packets TO my point-to-point interfaces
should not be problematic.

Owen
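
The argument above, checked as an added example that is not part of the original message: a border filter dropping everything addressed to point-to-point links only breaks PMTUD for flows that a link address itself originated. The prefixes, addresses and packet records are constructed for illustration (documentation prefix 2001:db8::/32), and the function names are hypothetical.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
INFRA_P2P = ipaddress.ip_network("2001:db8:ffff::/48")  # point-to-point links
ICMPV6_PACKET_TOO_BIG = 2                               # ICMPv6 type used by PMTUD

def border_filter(pkt):
    """Inbound border policy: drop anything addressed to a point-to-point link."""
    dst = ipaddress.ip_address(pkt["dst"])
    return "drop" if dst in INFRA_P2P else "permit"

def pmtud_impact(outbound_sources, inbound):
    """List destinations whose Packet Too Big replies the filter drops.

    A Packet Too Big message is sent to the source address of the oversized
    packet, so it targets a link address only if that address originated
    traffic toward the outside.
    """
    originated = {ipaddress.ip_address(s) for s in outbound_sources}
    broken = []
    for pkt in inbound:
        if pkt.get("icmp6_type") != ICMPV6_PACKET_TOO_BIG:
            continue  # not a PMTUD response
        answers_real_flow = ipaddress.ip_address(pkt["dst"]) in originated
        if answers_real_flow and border_filter(pkt) == "drop":
            broken.append(pkt["dst"])
    return broken

# Constructed inbound packets arriving at the border.
INBOUND = [
    # Packet Too Big answering a customer host's flow: passes the filter.
    {"src": "2001:db8:e000::1", "dst": "2001:db8:10::25", "icmp6_type": 2},
    # Non-ICMP traffic aimed at a link address: dropped, irrelevant to PMTUD.
    {"src": "2001:db8:e000::9", "dst": "2001:db8:ffff:1::2"},
    # Packet Too Big aimed at a link address: dropped by the filter.
    {"src": "2001:db8:e000::1", "dst": "2001:db8:ffff:1::1", "icmp6_type": 2},
]

# Case A: only hosts originate traffic, so no dropped message answers a real flow.
CASE_A = pmtud_impact(["2001:db8:10::25"], INBOUND)
# Case B: a router sources a session from its link address, so that flow's
# Packet Too Big reply is lost at the border.
CASE_B = pmtud_impact(["2001:db8:10::25", "2001:db8:ffff:1::1"], INBOUND)

if __name__ == "__main__":
    print("case A broken PMTUD:", CASE_A)
    print("case B broken PMTUD:", CASE_B)
```

Case B is the exception covered by "in general": before applying the filter, confirm that no router sources externally bound traffic from a link address, or source it from a loopback address outside the filtered prefix.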

