Thinking about this, I recall that I run an IPv6 tunnel with Hurricane
Electric in the same manner. They require that I allow ICMP - Echo
Request to the border. The tunnel doesn't come online at their end,
until they receive an Echo Reply from the IP I specified (either
statically or with DDNS).
Just a rule used by one ISP.
I think it is not required to allow pings to the outside address, and it may be
difficult for some people to fulfill that requirement (as it may be part of the
setup of their ISP router to disallow these).
Instead, I would like to see that pings to at least one of the gatewayed addresses
are allowed (a net-44 address inside one of the subnet(s) routed to that gateway).
This is also much more indicative of a functioning gateway.
In the IPv6 tunnel example that would mean allowing ping to one IPv6 address.
Of course our problem is that we never asked the gateway operators for the address
of their gateway on net-44. So that would have to be added in the form, the database
and the encap file (or some other file).
Rob