[142878] in North American Network Operators' Group
Re: NDP DoS attack
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sun Jul 17 05:48:33 2011
From: Florian Weimer <fw@deneb.enyo.de>
To: Mikael Abrahamsson <swmike@swm.pp.se>
Date: Sun, 17 Jul 2011 11:48:25 +0200
In-Reply-To: <alpine.DEB.2.00.1107171134320.20159@uplift.swm.pp.se> (Mikael
Abrahamsson's message of "Sun, 17 Jul 2011 11:35:27 +0200 (CEST)")
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Mikael Abrahamsson:
> On Sun, 17 Jul 2011, Florian Weimer wrote:
>
>> In practice, the IPv4 vs IPv6 difference is that some vendors
>> provide DHCP snooping, private VLANs and unicast flood protection in
>> IPv4 land, which seems to provide a scalable way to build Ethernet
>> networks with address validation---but there is nothing comparable
>> for IPv6 right now, from any vendor.
>
> That is not true. Check out work and reports from the IETF SAVI
> WG. There are actually quite a few implementations out there, being
> used in production.
Others use tunnels, PPPoE or lots of scripting, so certainly something
can be done about it. To my knowledge, SAVI SEND is still at a
similar stage. Pointers to vendor documentation would be appreciated
if this is not the case.
And SAVI SEND is not the full story---it's still missing unicast flood
protection.
_____
NANOG mailing list
NANOG@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog
