turning on comcast v6

Paul Ferguson fergdawgster at mykolab.com
Mon Jan 6 21:22:27 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 1/6/2014 1:08 PM, Owen DeLong wrote:

> The port isn't particularly trusted, but it is allowed to send RAs
> which are forwarded to the network by default. Obviously a sane
> switch would allow this configuration to be changed. We're not
> talking about the security model for a network, we're talking about
> the default behavior of a switch.
> 
> Defaults are, inherently guesses to some extent. Nonetheless, a
> switch must have some default behavior.
> 
> It seems to me that in the case of switches which have otherwise
> designated uplink ports, it is logical to make those ports default
> to RA allowed while defaulting to not allowing RAs from other ports
> by default.

Some people do not want switches making IP address assignments. That's
all. :-)

- - ferg

- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLLHpMACgkQKJasdVTchbL6+gEApBli/t4RF4Eq3XroJkqrRmgn
9WYSy2ReVwo7Bx9l+PMA/16zyzwOgG4fdNc9zgt0A4Pb+dGpMBx8LkRY6Kj71F5t
=J8uY
-----END PGP SIGNATURE-----




More information about the NANOG mailing list