[152279] in North American Network Operators' Group
Re: Automatic IPv6 due to broadcast
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Apr 23 12:08:49 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <20120423152314.GI23416@angus.ind.WPI.EDU>
Date: Mon, 23 Apr 2012 09:03:25 -0700
To: Chuck Anderson <cra@WPI.EDU>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 23, 2012, at 8:23 AM, Chuck Anderson wrote:
> On Mon, Apr 23, 2012 at 06:38:09AM -0700, Owen DeLong wrote:
>>
>> On Apr 23, 2012, at 6:25 AM, Chuck Anderson wrote:
>>
>>> On Mon, Apr 23, 2012 at 12:24:53AM -0700, Owen DeLong wrote:
>>>> On Apr 22, 2012, at 10:30 PM, Jimmy Hess wrote:
>>>>> Particularly good L2 switches also have
>>>>> DAI or "IP Source guard" IPv4 functions, which when properly
>>>>> enabled, can foil certain L2 ARP and IPv4 source address spoofing
>>>>> attacks, respectively.
>>>>>
>>>>
>>>>> e.g. Source IP address of packet does not match one of the DHCP leases
>>>>> issued to that port -- then drop the packet.
>>>>>
>>>>
>>>> Meh... I can see many cases where that might be more of a bug than feature.
>>>>
>>>> Especially in environments where loops may be possible and the DHCP lease might
>>>> have come over a different path than the port in question during some network event.
>>>
>>> You're only supposed to use those features on the port directly
>>> connected to the end-system, or to a few end-systems via an unmanaged
>>> office switch that doesn't have redundant uplinks. I.e. edge ports.
>>
>> In a lot of cases, enforcing that all address assignments are via DHCP can still be
>> counter-productive. Especially in IPv6.
>
> If a specific managed environment provides DHCPv6 and doesn't provide
> SLAAC, and the policies of said environment forbid static addressing,
> how can enforcing the use of DHCPv6 be counter-productive?

That's a lot of ifs. I said in a lot of cases. I didn't say in all cases.
If you satisfy all of your ifs, then it's not one of the cases of which I speak.
Owen
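
The per-port lease check discussed in this thread, as an added example that is not part of the original messages and not any vendor's implementation: a simplified model of a switch that filters source addresses against snooped DHCP/DHCPv6 leases. The class, method and port names are hypothetical, and the MAC and IP values are constructed from documentation ranges.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

@dataclass
class SourceGuardSwitch:
    """Simplified model: per-port source filter fed by snooped DHCP leases."""
    trusted_ports: set = field(default_factory=set)  # uplinks/trunks, not filtered
    bindings: dict = field(default_factory=dict)     # (port, mac) -> leased IPs

    def snoop_lease(self, port, mac, ip):
        """Record a lease seen in a DHCP/DHCPv6 reply delivered out `port`."""
        self.bindings.setdefault((port, mac.lower()), set()).add(ip_address(ip))

    def permit(self, port, mac, src_ip):
        """Return (allowed, reason) for a frame arriving on `port`."""
        if port in self.trusted_ports:
            return True, "trusted port"
        mac, src = mac.lower(), ip_address(src_ip)
        if src in self.bindings.get((port, mac), set()):
            return True, "matches lease on port"
        # Same host and address bound on another port: the lease was learned
        # over a different path than the one the traffic now arrives on.
        for (p, m), ips in self.bindings.items():
            if m == mac and src in ips:
                return False, f"lease bound to port {p}, not {port}"
        return False, "no lease for source address"

def demo():
    sw = SourceGuardSwitch(trusted_ports={"uplink1"})
    host = "00:00:5e:00:53:01"  # constructed documentation MAC
    sw.snoop_lease("edge1", host, "192.0.2.10")
    sw.snoop_lease("edge1", host, "2001:db8::10")
    return [
        sw.permit("edge1", host, "192.0.2.10"),    # leased IPv4 address
        sw.permit("edge1", host, "192.0.2.99"),    # static or spoofed address
        sw.permit("edge1", host, "2001:db8::5eff:fe00:5301"),  # self-assigned IPv6
        sw.permit("edge2", host, "192.0.2.10"),    # host reached via another port
        sw.permit("uplink1", host, "192.0.2.99"),  # trusted port is not filtered
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print("permit" if allowed else "drop  ", "-", reason)
```

The third and fourth results are the cases raised in the thread: an IPv6 address the host configured without DHCPv6 is dropped, and so is a correctly leased address that shows up on a port other than the one where the lease was snooped.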