[141713] in North American Network Operators' Group
Re: The stupidity of trying to "fix" DHCPv6
daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Jun 10 12:34:15 2011
Date: Fri, 10 Jun 2011 11:33:28 -0500
From: Jack Bates <jbates@brightok.net>
To: Matthew Kaufman <matthew@matthew.at>
In-Reply-To: <D39ED466-2C01-4317-AA9E-619A955CA1F0@matthew.at>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 6/10/2011 11:22 AM, Matthew Kaufman wrote:
>
> On Jun 10, 2011, at 7:34 AM, Ray Soucy wrote:
>
>>
>> I for one look forward to the day where things like RA Guard and MLD
>> Snooping are standard on every switch. Just IPv6 growing pains.
>
>
> I look forward to the day where "layer 2" switches don't need to implement hacks to fix "layer 3" flaws.
>
> Matthew Kaufman

We already have that. Run everything as a point to point for layer 2,
and there's no need to implement hacks. :P

Granted, RA Guard could also be handled transparent to the layer 2
switches, but that requires a common security model to inform the
devices who they are allowed to listen to.

MLD Snooping is just a problem of the switch being too stupid to know
which ports to send multicast out. It's technically not required if
there's a layer 2 protocol to inform the switch, but those are in
limited supply.

Both issues often suffer heavily from multi-vendor interoperability
problems.

Jack