IPv6 first hop security on a budget?

Saku Ytti saku at ytti.fi
Sat Nov 11 05:00:47 UTC 2017

Not suggesting there is no use case of RA Guard, DHCP6 Snooping, ICMP6
snooping, as I deployed IPv4 equivalent pretty much the day they were
available on 3560.

You might want to consider de-perimeterisation. Do you offer way to
connect to intranet from Internet? If so, why not use same method in
office, and have equivalent 0 trust on office infra? Additional
benefit is OPEX reduction by not having users submit tickets 'X works
from VPN but not from office' and vice versa.

On 6 May 2017 at 08:27, Joel Whitehouse <code at joelwhitehouse.com> wrote:
> What's a good budget option for switching a small lab or office ipv6 with RA
> Guard, DHCP6 snooping, and ICMP6 snooping?


More information about the NANOG mailing list