[ipv6-wg] Re: not announcing IXP IPv6 peering lan prefixes in global BGP table possibly breaks PMTUD

Hello,

On Mon, 25 Jul 2011, Sander Steffann wrote:

>> 5) ?
>
> Adapt uRPF so that it does't filter ICMP error messages. Whether this is 
> useful depends on how much ICMP error messages with unreachable source 
> addresses we expect to see? When people/organizations start to use ULA 
> addresses it might be more than we see now.

do you really want to disable filtering all ICMP packets from non-routed 
addresses? I do not like to have an ICMP DoS from unroutable addresses in 
my network. ICMP is important for IPv6 communication to work, yes, but 
only from routable addresses.

ULA could be the next problem. Not only loose uRPF may be the problem in 
this case, but also infrastructure ACLs which deny ULA addresses from 
outside. RFC4193 4.3 says that packets from ULA addresses should be 
filtered at the border. If somebody sends ICMP "Packet too big" with an 
address from the ULA range as the source address it is expected that it 
will be dropped somewhere (at the border of the own network, at the border 
of the destination network or somewhere in a backbone between those two 
networks).

Regards,

Chris