IPv6 RA vs DHCPv6 - The chosen one?
Jeff Wheeler
jsw at inconcepts.biz
Fri Dec 23 21:23:31 UTC 2011
On Fri, Dec 23, 2011 at 4:13 PM, Mohacsi Janos <mohacsi at niif.hu> wrote:
> If you can limit number of ARP/NDP entries per interfaces and you complement
> RAGuard and DHCPv4 snooping your are done.
That depends on how ARP/ND gleaning works on the box. In short, Cisco
already has a knob to limit the number of ND entries per interface on
some of their kit, and it is not a solution, only a damage mitigation
measure. http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
--
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
More information about the NANOG
mailing list