Hi, Eric, Thanks so much for your comments. Please find my responses inline...
On 12/21/2011 01:56 PM, Eric Vyncke (evyncke) wrote: > My usual recommendations about this issue (and the related > packet-too-big sent to a mcast group) are quite commonly accepted and > are described in your I-D in 2.2: - RPF for all traffic - rate limit > per node the ICMP generation - rate limit per router the ICMP traffic > to a 100-1000 pps Note that this limit might kill other stuff -- just blindly limiting ICMPv6 traffic might e.g. introduce PMTUD blackholes. > I would rather be reluctant to change RFC 2460/4443 even if there > appears to currently have no valid use of option type 10xxxxxx > because who knows in the future? And getting an error message is > quite important. The v6 specs carefully eliminate other potential smurf amplifiers. -- But this one was "left in". Getting an error from multiple destination hosts doesn't look like a good idea. -- but I'll let others weigh in... Thanks, -- Fernando Gont SI6 Networks e-mail: fg...@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------