[j-nsp] JunOS forwarding IPv6 packets with link-local source
Saku Ytti
saku at ytti.fi
Fri May 17 04:34:24 EDT 2024
On Fri, 17 May 2024 at 10:36, Antti Ristimäki <antristima at gmail.com> wrote:
> iACL design becomes a bit more challenging if you want to keep the
> link-local things link local (e.g. there are legit ND packets with
> link-local srcaddr and GUA dstaddr). It is doable, though.
Not disagreeing, but what are these packets? And can you drop
link-local in two forwarding-filter terms?
I know ND can be any permutation, but those can be handled in earlier
terms in iACL without matching addresses, by matching icmp6 types and
hop-limit 255.
--
++ytti
More information about the juniper-nsp
mailing list