[j-nsp] IPv6 firewall policy for MX

Lee Pedder lee.pedder at gmail.com
Fri Jun 28 15:53:30 EDT 2019

It's a good start but there are many issues with it.

I think you need to take some time to understand IPv6 before implementing.
The book examples don't restrict RS/RA to link-local and are too open on
things like BGP and traceroute. Trio hardware also has payload-protocol
available in addition to next-header for matching.

The IETF opsec-v6 draft is a useful resource to begin with.


On Fri, 28 Jun 2019, 20:28 Aaron Gould, <aaron1 at gvtc.com> wrote:

> 2nd edition page 332 "IPv6 RE Protection Filter"
> -Aaron
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
