[148116] in North American Network Operators' Group
Re: IPv6 RA vs DHCPv6 - The chosen one?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Jan 3 16:59:18 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAPWAtb+NA1Sc03o9U25qXUqQFOv2=aK2WXvJvu2v48ZsXYcbfQ@mail.gmail.com>
Date: Tue, 3 Jan 2012 13:56:57 -0800
To: Jeff Wheeler <jsw@inconcepts.biz>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 23, 2011, at 1:23 PM, Jeff Wheeler wrote:
> On Fri, Dec 23, 2011 at 4:13 PM, Mohacsi Janos <mohacsi@niif.hu> wrote:
>> If you can limit the number of ARP/NDP entries per interface and you complement
>> RAGuard and DHCPv4 snooping you are done.
>
> That depends on how ARP/ND gleaning works on the box. In short, Cisco
> already has a knob to limit the number of ND entries per interface on
> some of their kit, and it is not a solution, only a damage mitigation
> measure. http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
In the real world, sufficient damage prevention/mitigation qualifies as a solution.
Owen