Estonian IPv6 deployment report

Anders Löwinger anders at
Sun Dec 28 11:01:57 UTC 2014

On 2014-12-27 17:37, Enno Rey wrote:
> true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.

Yes. I'm aware of the various types of solutions for security in IPv6 with
shared VLANs. I was curious of what solution they used.

> and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).

In P2P-Eth you can always remove the CPE and connect your hacker PC instead,
and then start to inject RAs. Depending on the network this will be handled or
not. Now it sounds they have a good solution in place, no L2 between customer


More information about the NANOG mailing list