IPv6 Security [Was: Re: misunderstanding scale]
Jack Bates
jbates at brightok.net
Thu Mar 27 18:14:30 UTC 2014
On 3/27/2014 12:19 PM, Luke S. Crawford wrote:
>
> This is a very common problem for dedicated hosting providers (and why
> I give my dedicated hosts a vlan and a routed subnet, wasting IPv4.)
>
Implement what some DSL access providers do. Unnumbered interfaces with
/32 routing to the vlan. The last I checked, I think a J can even get
the /32 route from radius when using autoconfig with radius auth. We did
similar things with IPv6, as well. proxy-arp/proxy-nd to handle the
cross talk.
IOS 12.1 7206 confirmed. No autoconf, but static subinterfaces for each
vlan (q-in-q supported or atm), unnumbered to loopback. DHCPv4 and
static routing works. IPv6 had issues, but could handle static /64 per
subint.
ASR/J MX, autoconfig w/ radius backend, manual subint/unit, or
combination. DHCPv4 confirmed, static host routes confirmed. IPv6 not
confirmed. Radius static host route establishment not confirmed. Still
testing.
Jack
More information about the NANOG
mailing list