Should routers send redirects by default?

Christopher Morrow christopher.morrow at gmail.com
Fri Aug 20 16:11:55 CDT 2010


On Fri, Aug 20, 2010 at 4:03 PM, Jared Mauch <jared at puck.nether.net> wrote:
>
> On Aug 20, 2010, at 3:56 PM, Butch Evans wrote:
>
>> On Fri, 2010-08-20 at 13:20 -0400, Christopher Morrow wrote:
>>> Polling a little bit here, there's an active discussion going on
>>> 6man at ietf about whether or not v6 routers should:
>>>  o be required to implement ip redirect functions (icmpv6 redirect)
>>>  o be sending these by default
>>
>> I do not currently have an IPv6 deployment, so my input may be lacking
>> in real usefulness here.  With IPv4, however, I have been a little
>> irritated at a few situations where I NEEDED this to work and it did not
>> (certain PIX routers come to mind here).  There are risks involved with
>> ANY "automated" type traffic to be sure, but for my money, it SHOULD be
>> possible to configure every router to support the network needs.  So for
>> my money, I'd suggest:
>>
>> * routers MUST support ip redirect
>> * "default" configurations irrelevant to me
>>
>> I do agree with one or two of the other posters that it should not be
>> within the purview of the IETF to "mandate" these defaults.  Each of us
>> will learn the defaults of the particular gear we use and can adjust
>> config templates to match, given the needs of the network we are
>> deploying.  Just my $0.02 (may be worth less than that)  :-)
>
> One of the challenges is that some vendors have a poor track-record of
> documenting these defaults.  this means unless you frequently sample

and changing them... so, picking a good default I think is important.
You'd prefer less config headaches I bet vs having to constantly hack
templates?

> your network traffic, you may not see your device sending decnet mop
> messages, or ipv6 redirects :)
>
> Personally (and as the instigator in the ipv6/6man discussion) if the

yes thanks! :) (just following a path as requested by another 6man person)

> vendors could be trusted to expose their default settings in their
> configs, i would find a default of ON to be more acceptable.  As their
> track-record is poor, and the harm has been realized in the network we
> operate (at least), I am advocating that as a matter of policy enabling
> redirects not be a default-on policy.  If people want to hang themselves
> that's their problem, but at least they won't come with a hidden noose
> around their neck.

yes, that was my point as well.
-chris

> - Jared
>




More information about the NANOG mailing list