Estonian IPv6 deployment report

Enno Rey erey at ernw.de
Sat Dec 27 16:37:33 UTC 2014


Hi,

On Sat, Dec 27, 2014 at 05:15:13PM +0100, Anders L??winger wrote:
> On 2014-12-22 16:27, Tarko Tikan wrote:
> 
> > Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is
> > deployed in shared service vlans. IPv6 traffic shares vlan with IPv4.
> 
> How do you protect customers from each other?
> 
> There are many nasty IPv6 attacks you can do when on a shared VLAN.

true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.
and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).

best

Enno





> 
> /Anders
> 

-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================



More information about the NANOG mailing list