[142873] in North American Network Operators' Group
Re: NDP DoS attack
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sun Jul 17 05:17:28 2011
From: Florian Weimer <fw@deneb.enyo.de>
To: Jared Mauch <jared@puck.nether.net>
Date: Sun, 17 Jul 2011 11:15:25 +0200
In-Reply-To: <3B3053F2-DFFF-4AD4-920A-A28657622A5A@puck.nether.net> (Jared
Mauch's message of "Thu, 14 Jul 2011 22:35:40 -0400")
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Jared Mauch:
> Solving a local attack is something I consider different in scope
> than the current draft being discussed in 6man, v6ops, ipv6@ etc...
That's not going to happen because it's a layering violation between
the IETF and IEEE. It has not been solved during thirty years of IPv4
over Ethernet. Why would be IPv6 be different?
In practice, the IPv4 vs IPv6 difference is that some vendors provide
DHCP snooping, private VLANs and unicast flood protection in IPv4
land, which seems to provide a scalable way to build Ethernet networks
with address validation---but there is nothing comparable for IPv6
right now, from any vendor.
_____
NANOG mailing list
NANOG@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog
