Estonian IPv6 deployment report
erey at ernw.de
Sat Dec 27 16:37:33 UTC 2014
On Sat, Dec 27, 2014 at 05:15:13PM +0100, Anders L??winger wrote:
> On 2014-12-22 16:27, Tarko Tikan wrote:
> > Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is
> > deployed in shared service vlans. IPv6 traffic shares vlan with IPv4.
> How do you protect customers from each other?
> There are many nasty IPv6 attacks you can do when on a shared VLAN.
true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.
and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).
ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
Blog: www.insinuator.net || Conference: www.troopers.de
More information about the NANOG