Automatic IPv6 due to broadcast

Owen DeLong owen at
Mon Apr 23 08:38:09 CDT 2012

On Apr 23, 2012, at 6:25 AM, Chuck Anderson wrote:

> On Mon, Apr 23, 2012 at 12:24:53AM -0700, Owen DeLong wrote:
>> On Apr 22, 2012, at 10:30 PM, Jimmy Hess wrote:
>>>  Particularly good L2 switches also have
>>> DAI  or  "IP Source guard"  IPv4 functions,   which when properly
>>> enabled,  can foil certain L2 ARP  and IPv4 source  address spoofing
>>> attacks,  respectively.
>>> e.g. Source IP address of packet does not match one of the DHCP leases
>>> issued to that port -- then drop the packet.
>> Meh... I can see many cases where that might be more of a bug than feature.
>> Especially in environments where loops may be possible and the DHCP lease might
>> have come over a different path than the port in question during some network event.
> You're only supposed to use those features on the port directly
> connected to the end-system, or to a few end-systems via an unmanaged
> office switch that doesn't have redundant uplinks.  I.e. edge ports.

In a lot of cases, enforcing that all address assignments are via DHCP can still be
counter-productive. Especially in IPv6.


More information about the NANOG mailing list