NIST IPv6 document

Phil Regnauld regnauld at nsrc.org
Wed Jan 5 11:57:50 CST 2011


Jeff Wheeler (jsw) writes:
> are badly needed.  The largest current routing devices have room for
> about 100,000 ARP/NDP entries, which can be used up in a fraction of a
> second with a gigabit of malicious traffic flow.  What happens after
> that is the problem, and we need to tell our vendors what knobs we
> want so we can "choose our own failure mode" and limit damage to one
> interface/LAN.

	Well there are *some* knobs:

	http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1369018

	Not very smart, as it just controls how fast you run out of entries.

	I haven't read all entries in this thread yet, but I wonder if
	http://tools.ietf.org/html/draft-jiang-v6ops-nc-protection-01 has been
	mentioned ?

	Seems also that this topic has been brought up here a year ago give
	or take a couple of weeks:

	http://www.mail-archive.com/[email protected]/msg18841.html


	Cheers,
	Phil




More information about the NANOG mailing list