Ciena 6200 clue?

Jeff Shultz jeffshultz at
Wed Jul 3 20:03:46 UTC 2013

On 7/3/2013 1:00 PM, Paul Stewart wrote:
> On 2013-07-03 3:57 PM, "Brandon Ross" <bross at> wrote:
>> Everyone knows that attacks against your management interface come
>> from devices not on your management network.  By removing the
>> default gateway feature, Ciena is improving the security of your
>> network.
>> It's time we created a BCOP specifying that default gateway
>> functionality be disabled or removed in all network deployments, in
>> the interest of security.  Security improvements realized in the
>> last few years by dropping all ICMP and TCP DNS at firewall
>> boundaries, not to mention universal deployment of NAT, were just
>> the first few steps to creating a much more secure Internet.
>> Once disablement of default gateway functionality has been become
>> a common practice, the natural reduction in traffic on the Internet
>> should allow most operators to achieve enormous cost savings by
>> powering off all of their equipment.
> Awesome - sorry, can't resistŠ. :)

Ah, somehow my eyeballs glazed over the excellent sarcasm that was made
evident in the last paragraph....

Either way, my point remains: I want the option. I suspect I'm not alone...

Jeff Shultz

More information about the NANOG mailing list