asymmetric routing

[Pim van Pelt]

Hallo,

I had always suspected it to be the case, but recently I have been monitoring
the traffic that goes through the TunnelBroker at IPng.nl, and see that 
several of my downstream users are pushing foreign traffic through my 
router in Amsterdam.

I would like to bring this to your attention, because of the following.
Many people seem to believe that IPv6 is the solution to all current IPv4
problems, such as spoofing, broadcast and others.

The spoofing aspect, which is demonstrated by the IPng situation, will not
be properly taken care of unless we (the IPv6 administrators of today) set
a good example and refuse to route traffic on our borders that does not 
originate within our own networks.

In the example of my tunnelbroker, I am now dropping all the traffic sourced
from outside of the IPng space, typically 3ffe:8114:2000::/52 and 
3ffe:8114:1000::/48, trying to traverse the tunnelbroker from downstream 
to upstream.

Is this common practice with tunnelbrokers? Does anybody want to share their
experience on this matter ? Installing these simple rulesets 'as default' 
should not seem that big a deal with today's routing hardware. 

What do the folk from Cisco think about these anti-spoof measures being set
to enabled state per default (user overridable of course) ?

I for one would like to see my fellow tunnelbroker admins enable these types
of rulesets on their infrastructure. It will make collecting tunnels 
impossible, a thing that is common on tunnelbroker+irc land, but no longer
possible at my site.

groet,
Pim
-- 
---------- - -    - - -+- - -    - - ----------
Pim van Pelt                 Email: pim@ipng.nl
http://www.ipng.nl/             IPv6 Deployment
-----------------------------------------------