Comment 43 for bug 176125

My enterprise is a large research university in North America. We control University owned machines, but student-owned machines are a different matter.

I'm not certain that filtering privacy addresses at the border is sufficient. I'd need to check with our security office, but I suspect we'd also need to block them for internal connections, which means blocking them at the edge. I doubt that all of our network equipment can filter based on specific bits in an IPv6 address. Like many large organizations, we have a large installed base of equipment from multiple vendors on various lifecycles. Some of this equipment is managed centrally, but a significant portion is managed by other units (colleges, departments, etc). I couldn't even begin to guess what percentage of our routers, switches, and firewalls have this sort of filtering ability.

We have thousands of networks at the university. It's not practical to install NDPmon on each of them, as much as I might wish it were done.

I think if you were to poll the Internet2 IPv6 community, you'd find many similar environments.

Let me flip the question around -- how many respondents manage networks at large institutions ?