I found out by accident yesterday that JUNOS routers will forward IPv6 packets with a link-local source address, in direct opposition of RFC 4291. To me, this seems to be a security hole that would be useful for DDoS attackers, giving them a way to send traffic that is difficult to trace back to the source. I try to be a good "net neighbor", using uRPF wherever possible (and other filters elsewhere) to make sure all packets coming from my network at least look valid, but this goes right by that. I posted over on juniper-nsp about this (more to see if I was just missing something) and got a response that it is a known thing. There's a closed Juniper PR, 556860, that says this affects all JUNOS devices except SRX (Trio platforms will get a fix starting with JUNOS 12.3). It doesn't sound like Juniper is going to fix this for the rest of us. I guess I'm mainly curious to see what others think about this. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.