Should routers send redirects by default?

Jack Bates jbates at brightok.net
Fri Aug 20 17:25:40 UTC 2010


Why should the ietf dictate a default on this? Requiring implementation 
I could understand, but setting the default? Should the ietf also 
specify requirement of allowing configuration change of a default?

Honestly, redirects are not near the problem as icmp unreachables.


Jack

Christopher Morrow wrote:
> Polling a little bit here, there's an active discussion going on
> 6man at ietf about whether or not v6 routers should:
>   o be required to implement ip redirect functions (icmpv6 redirect)
>   o be sending these by default
> 
> Essentially 12+ years ago in RFC2461
> (http://www.ietf.org/rfc/rfc2461.txt) and later in RFC4861
> (http://tools.ietf.org/html/rfc4861) there are a set of message types
> defined and use cases discussed which seem to lead to the idea that:
>   routers should be required to implement redirect logic/functionality
>   routers should by default be enabled to send these redirect messages.
> 
> In ipv4 there's a relatively widely used practice of disabling ip
> redirects. secure router and secure host templates disable this
> functionality, and have for quite some time. There are a host of
> reasons for this I don't really want to debate them though :) It would
> be instructive to get a sense of how many folks do NOT disable this
> sort of thing, or how many folks RELY on these functions working in
> their network build today.
> 
> For the 6man discussion though, I presume that in ipv4 we take a set
> of configs/actions because of somewhat sane reasons, I suspect we
> would want to have the same config/end-state in v6? One proposal is to
> do this with:
>   o routers are required to be able to send redirect messages
>   o routers should NOT do this by default
> 
> With the proviso that some consenting adults may choose to enable by
> default on certain platforms (cable/dsl CPE, enterprise-LAN)... if that
> muddies the waters it'd be nice to just hear about the proposal there
> and leave the hinkiness of the rest out of the picture :) I hope that
> folks who currently run v6 network(s) might respond, there are quite a
> few v6 operators here... I'm looking at you owen/jjb/au-dsl-folk... :)
> 
> thanks for your time, of course if you want to chat more directly about
> this the 6man list is open and at:
>   <http://www.ietf.org/mail-archive/web/ipv6/current/maillist.html>
> 
> -Chris



