IPv6 Confusion

Adrian Chadd adrian at creative.net.au
Wed Feb 18 22:20:41 UTC 2009

On Thu, Feb 19, 2009, Nathan Ward wrote:

> So, those people don't use DHCP in IPv4 if this is a concern, so I'm  
> guessing they are not hoping to use DHCPv6 either.
> Static configuration of IP addressing information and other  
> configuration will work just fine for them.
> I wonder, do they use ARP?

In the corporate world, you get wonderful L2/L3 features in switches,
such as:

* helper address stuff, to run centralised DHCP servers
* dhcp sniffing/filtering
* per port L2/L3 filters
* dynamic arp inspection

which are used on corporate LANs to both build out scalable address
management platforms (ie, no need to run a DHCP server on each subnet,
nor one DHCP server with seperate vlan if's to provide service), control
access and mitigate security risks.

I don't know what the IPv6 LAN "snooping" functionality is across
vendors but the last time I checked this out (say, 2-3 years ago)
it was pretty lacking.

> The things you are talking about are about protecting against  
> misconfiguration, not about protecting against malicious people.

See above.


More information about the NANOG mailing list