IPv6 Confusion

Joel Jaeggli joelja at bogus.com
Wed Feb 18 15:11:36 CST 2009


Dale W. Carder wrote:
> 
> On Feb 18, 2009, at 3:00 PM, Nathan Ward wrote:
>> On 19/02/2009, at 9:53 AM, Leo Bicknell wrote:
>>>
>>> Let me repeat, none of these solutions are secure.  The IPv4/DHCP model
>>> is ROBUST, the RA/DHCPv6 model is NOT.
>>
>> The point I am making is that the solution is still the same -
>> filtering in ethernet devices.
>>
>> Perhaps there needs to be something written about detailed
>> requirements for this so that people have something to point their
>> switch/etc. vendors at when asking for compliance. I will write this
>> up in the next day or two. I guess IETF is the right forum for
>> publication of that.
>>
>> Is there something like this already that anyone knows of?
> 
> 
> http://tools.ietf.org/id/draft-chown-v6ops-rogue-ra-02.txt
> 
> This is the last message I recall seeing in v6ops about it:
> 
> "It seems to me that the L2 devices are welcome to perform
> whatever filtering they like regardless of any documents
> that might come from the IETF. Therefore, I'd like to see
> more pros/cons on this."
> http://ops.ietf.org/lists/v6ops/v6ops.2008/msg01733.html

There is also:

http://tools.ietf.org/html/draft-vandevelde-v6ops-ra-guard-01

> Cheers,
> Dale
> 





More information about the NANOG mailing list