[j-nsp] Re : IPv6 Routing Headers
Pekka Savola
pekkas at netcore.fi
Thu Apr 26 01:58:24 EDT 2007
On Wed, 25 Apr 2007, Eli Dart wrote:
> Just for the record, a loopback filter does not stop transit traffic,
> even if the transit traffic is processed on the RE. (I tested it today).
Which transit traffic is processed on the RE? AFAICS, only those
packets with hop-by-hop header and router-alert IP options (?).
Packets with routing header shouldn't be processed by the RE unless
the destination address is configured on the RE, right?
So, certainly if you want to block transiting routing header traffic
(where destination address doesn't include your routers) you have to
do it with filters in the physical interface filters.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the juniper-nsp
mailing list