[112045] in North American Network Operators' Group
Re: IPv6 Confusion
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Wed Feb 18 16:14:56 2009
Date: Wed, 18 Feb 2009 13:11:36 -0800
From: Joel Jaeggli <joelja@bogus.com>
To: "Dale W. Carder" <dwcarder@wisc.edu>
In-Reply-To: <3A0AD7D0-FBBB-4713-A1A2-49DE512AF7E7@wisc.edu>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Dale W. Carder wrote:
>
> On Feb 18, 2009, at 3:00 PM, Nathan Ward wrote:
>> On 19/02/2009, at 9:53 AM, Leo Bicknell wrote:
>>>
>>> Let me repeat, none of these solutions are secure. The IPv4/DHCP model
>>> is ROBUST, the RA/DHCPv6 model is NOT.
>>
>> The point I am making is that the solution is still the same -
>> filtering in ethernet devices.
>>
>> Perhaps there needs to be something written about detailed
>> requirements for this so that people have something to point their
>> switch/etc. vendors at when asking for compliance. I will write this
>> up in the next day or two. I guess IETF is the right forum for
>> publication of that.
>>
>> Is there something like this already that anyone knows of?
>
>
> http://tools.ietf.org/id/draft-chown-v6ops-rogue-ra-02.txt
>
> This is the last message I recall seeing in v6ops about it:
>
> "It seems to me that the L2 devices are welcome to perform
> whatever filtering they like regardless of any documents
> that might come from the IETF. Therefore, I'd like to see
> more pros/cons on this."
> http://ops.ietf.org/lists/v6ops/v6ops.2008/msg01733.html
There is also:
http://tools.ietf.org/html/draft-vandevelde-v6ops-ra-guard-01
> Cheers,
> Dale
>
