On Fri, Aug 20, 2010 at 4:03 PM, Jared Mauch <jared@puck.nether.net> wrote:
On Aug 20, 2010, at 3:56 PM, Butch Evans wrote:
On Fri, 2010-08-20 at 13:20 -0400, Christopher Morrow wrote:
Polling a little bit here, there's an active discussion going on 6man@ietf about whether or not v6 routers should:
o be required to implement ip redirect functions (icmpv6 redirect)
o be sending these by default
I do not currently have an IPv6 deployment, so my input may be lacking in real usefulness here. With IPv4, however, I have been a little irritated at a few situations where I NEEDED this to work and it did not (certain PIX routers come to mind here). There are risks involved with ANY "automated" type traffic to be sure, but for my money, it SHOULD be possible to configure every router to support the network needs. So for my money, I'd suggest:
* routers MUST support ip redirect
* "default" configurations irrelevant to me
I do agree with one or two of the other posters that it should not be within the purview of the IETF to "mandate" these defaults. Each of us will learn the defaults of the particular gear we use and can adjust config templates to match, given the needs of the network we are deploying. Just my $0.02 (may be worth less than that) :-)
One of the challenges is that some vendors have a poor track-record of documenting these defaults.
and changing them... so, picking a good default I think is important. You'd prefer less config headaches I bet vs having to constantly hack templates?
This means unless you frequently sample your network traffic, you may not see your device sending decnet mop messages, or ipv6 redirects :)
Personally (and as the instigator in the ipv6/6man discussion) if the vendors could be trusted to expose their default settings in their configs, I would find a default of ON to be more acceptable. As their track-record is poor, and the harm has been realized in the network we operate (at least), I am advocating that as a matter of policy enabling redirects not be a default-on policy. If people want to hang themselves that's their problem, but at least they won't come with a hidden noose around their neck.
yes thanks! :) (just following a path as requested by another 6man person)
yes, that was my point as well. -chris
- Jared