Fred, > >That's definitely out of scope of this *protocol* specification. > > > >They're just forwarded IP packets. More often than not, the router > >doesn't even know it's ICMPv6 (because it just looks at the > >destination address), and *cannot* even know that (e.g., there are > >extension headers, encryption, etc.). > > > > If the router can know that they are error messages and can also know, > e.g., that the errors are arriving at a disproportionally > high rate with > respect to the IPv6 packets that could have possibly generated them, > then it should perform rate limiting. (That would be per-interface > rate limiting, I suppose.)
If the router starts looking the protocol type field in the IPv6 header and behave differently for each type of packet, IMHO it will become a firewall or a packet filter :) I agree with Pekka and Havard. This will be fixing (or rather patching) the problem at the wrong place. As Pekka already said that this issue is not just with ICMPv6 but with any bad traffic. For what all bad traffic a router should perform rate limiting for is a general question and should be completely outside the scope of the ICMPv6 Protocol spec. Regards Mukesh -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------