IPv6 RA vs DHCPv6 - The chosen one?

Owen DeLong owen at delong.com
Tue Jan 3 15:56:57 CST 2012


On Dec 23, 2011, at 1:23 PM, Jeff Wheeler wrote:

> On Fri, Dec 23, 2011 at 4:13 PM, Mohacsi Janos <mohacsi at niif.hu> wrote:
>> If you can limit the number of ARP/NDP entries per interface and you complement
>> RAGuard and DHCPv4 snooping you are done.
> 
> That depends on how ARP/ND gleaning works on the box.  In short, Cisco
> already has a knob to limit the number of ND entries per interface on
> some of their kit, and it is not a solution, only a damage mitigation
> measure.  http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf

In the real world, sufficient damage prevention/mitigation qualifies as a solution.

Owen



