[6bone] 2001:478:: as /48

Andrew Miehs andrew@2sheds.de
Thu, 4 Sep 2003 19:06:05 +0200


I, on the other hand, do not agree with NOT announcing this block.

If something is sitting on the Internet, it requires an IP Address, and this
address should be reachable from everywhere at every time. ESPECIALLY
if it is something as important as a router.

<rant>
I find trying to 'hide' router interfaces for security purposes has nothing
to do with security. I don't like it when my traceroutes don't work, and it
makes debugging a lot more difficult, and who knows, one day we will
end up in a situation where things do not work 100% because we all
used this shortcut. See path MTU discovery and security experts dropping
all ICMP messages on their firewalls.
</rant>

my 2c worth.

Regards

Andrew Miehs

On Thursday, September 4, 2003, at 18:48PM, Robert J. Rockell wrote:

> I agree with this.  As long as the IP address allocation is used only as
> next-hop for prefixes exchanges across some fabric, the DMZ prefix does not
> need to be exported outside of the routing domain of the exchange member.
>
> On Fri, 5 Sep 2003, Akira Kato wrote:
>
> ->
> ->If the address is not globally reachable, it is impossible to send
> ->packets to the routers on the IX and this will be a measure for the
> ->remote DoS attack if not perfect.