[j-nsp] Re : IPv6 Routing Headers
Kevin Day
toasty at dragondata.com
Thu Apr 26 03:13:00 EDT 2007
On Apr 24, 2007, at 8:46 AM, Pekka Savola wrote:
> On Tue, 24 Apr 2007, Kevin Oberman wrote:
>>> Kevin,
>>>
>>> Slide 20 of the presentation states that RH processing can not be
>>> deavtivat> ed on Juniper routers. Not sure whether that applies to
>>> JunOS, JunosE or bo> th.
>>>
>>> Cheers,
>>
I realize the slide said that, but I was curious if anyone had indeed
found a way to disable it that those authors were unaware of. There
are a lot of hidden/undocumented commands in junos, so it wouldn't
surprise me if there's a "set chassis no-source-route-v6" or
something that i'm just not aware of.
Or, if someone from Juniper could pipe in with a "We're working on it
for the next release" sorta thing. :)
>
> Well, given that RH0 processing only happens at the RE, filtering out
> all RH messages at the lo0 inet6 input should also fix this.
This may not be a good fix. Apparently some workstations are
generating RH0 headers on packets (probably without the knowledge of
their operators), just to get the packet out of their own network. I
don't want to block all packets with RH, just not act on them. The
header isn't stripped out of the packet after the last host using it
processes it, so we're going to see the RH headers even when people
are using them legitimately. While I think the idea itself is
somewhat flawed, I don't want to deny access to our sites to anyone
who is using them, intentionally or not - what I think you're
proposing would break connectivity for any packets with RH present...?
- Kevin
More information about the juniper-nsp
mailing list