NIST IPv6 document

Jack Bates jbates at brightok.net
Fri Jan 7 08:46:32 CST 2011


On 1/7/2011 8:17 AM, Tim Chown wrote:
> As RFC6018 suggests, this could be done dynamically on any given active subnet.
>

Unfortunately, I don't see support for it in major router vendors for 
service providers. Currently, flow + arp/ND/routing tables are utilized 
to determine a variety of situations, but even then, flow collection is 
limited at higher speeds.

I considered a 1 in 200 approach, but the iBGP tables will go through 
the roof for a single DHCPv6 pool in a single pop. I a worse problem 
with darknets than those scanning have with scanning a /64, especially 
since their scans are likely to be more targeted and not as random.

Jack




More information about the NANOG mailing list