turning on comcast v6

Owen DeLong owen at delong.com
Mon Jan 6 21:30:00 UTC 2014


On Jan 6, 2014, at 13:22 , Paul Ferguson <fergdawgster at mykolab.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> On 1/6/2014 1:08 PM, Owen DeLong wrote:
> 
>> The port isn't particularly trusted, but it is allowed to send RAs
>> which are forwarded to the network by default. Obviously a sane
>> switch would allow this configuration to be changed. We're not
>> talking about the security model for a network, we're talking about
>> the default behavior of a switch.
>> 
>> Defaults are, inherently guesses to some extent. Nonetheless, a
>> switch must have some default behavior.
>> 
>> It seems to me that in the case of switches which have otherwise
>> designated uplink ports, it is logical to make those ports default
>> to RA allowed while defaulting to not allowing RAs from other ports
>> by default.
> 
> Some people do not want switches making IP address assignments. That's
> all. :-)
> 

Huh???

I don't think I said anything even remotely like that.

Owen





More information about the NANOG mailing list