[136436] in North American Network Operators' Group


Re: quietly....

daemon@ATHENA.MIT.EDU (Mohacsi Janos)
Thu Feb 3 03:45:54 2011

Date: Thu, 3 Feb 2011 09:45:29 +0100 (CET)
From: Mohacsi Janos <mohacsi@niif.hu>
To: Tony Finch <dot@dotat.at>
In-Reply-To: <alpine.LSU.2.00.1102021419430.5244@hermes-1.csi.cam.ac.uk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org




On Wed, 2 Feb 2011, Tony Finch wrote:

> On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote:
>>
>> Example: if you give administrators the option of putting a router
>> address in a DHCP option, they will do so and some fraction of the time,
>> this will be the wrong address and things don't work. If you let routers
>> announce their presence, then it's virtually impossible that something
>> goes wrong because routers know who they are. A clear win.
>
> Counterexample: rogue RAs from Windows boxes running 6to4 or Teredo and
> Internet Connection Sharing. This is a lot harder to fix than a
> misconfigured DHCP server.
>
> http://malc.org.uk/6doom

Force your switch vendor to implement a rogue RA filter (RA guard) in your
box:

http://tools.ietf.org/html/draft-ietf-v6ops-ra-guard

Best Regards,
 	Janos Mohacsi

