IPv6 first hop security on a budget?

joel jaeggli joelja at bogus.com
Sat Nov 11 06:28:03 UTC 2017


On 11/11/17 09:14, Fernando Gont wrote:
> On 05/05/2017 08:27 PM, Joel Whitehouse wrote:
>> What's a good budget option for switching a small lab or office ipv6
>> with RA Guard, DHCP6 snooping, and ICMP6 snooping?
>>
> 
> If you do deploy this, please take a look at the issues discussed in
> RFC7113. Similar stuff is likely to apply to DHCPv6 snooping et al.

experiences vary, if you're looking to experience them first hand, warts
implementation details and all, juniper ex2300c, cisco 3560cx are both
small variants of both providers lower-end layer2/3 switches and are
relatively inexpensive, fairly feature rich platforms.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960cx_3650cx/software/release/15-2_3_e/configuration/guide/b_1523e_consolidated_2960cx_3560cx_cg/b_consolidated_152ex_2960-X_cg_chapter_0110000.pdf

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/router-advertisement-guard-edit-fo.html

joel

> Thanks!
> 
> Best regards,
> 




More information about the NANOG mailing list