[168009] in North American Network Operators' Group


Re: turning on comcast v6

daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Jan 4 14:07:45 2014

From: Owen DeLong <owen@delong.com>
In-Reply-To: <op.w85e9uy3tfhldh@rbeam.xactional.com>
Date: Sat, 4 Jan 2014 11:03:21 -0800
To: Ricky Beam <jfbeam@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


> For IPv6, you can become a/the router for a segment with the origination of a single packet. Instantly.  That’s something you can never do with DHCPv4.
>

A router, yes. THE router, not unless the network is very stupidly put together.

>> Well… Sure, 15 years after DHCP attacks first started being a serious problem… I doubt it will take anywhere near 15 years for RA guard on by default to be the norm in switches, etc.
>
> It'll **NEVER** be a default because it breaks too many clueless people's networks.  Just like, surprise, DHCP "guard" isn't on by default in any gear I'm aware of.

I disagree. Unlike with DHCP guard, RA guard can make reasonable predictions in most cases. Switches with “uplink” ports designated, for example, could easily default to permitting RAs only from those ports.

Owen
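
The uplink-only default discussed in this message, modelled as an added Python example that is not part of the original post or any vendor's implementation: it classifies an Ethernet frame as a Router Advertisement (ICMPv6 type 134) and forwards it only when the ingress port is a designated uplink. The function names, the port names and the sample frames are constructed for illustration, and packets are assumed to be unfragmented.

```python
import struct

ETH_IPV6, ETH_VLAN = 0x86DD, 0x8100
ICMPV6, RA_TYPE = 58, 134
EXT_HEADERS = {0, 43, 60}   # hop-by-hop, routing, destination options

def icmpv6_type(frame: bytes):
    """Return the ICMPv6 type carried in an Ethernet frame, or None."""
    off = 12
    if len(frame) < off + 2:
        return None
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == ETH_VLAN and len(frame) >= off + 6:   # skip one 802.1Q tag
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    if etype != ETH_IPV6 or len(frame) < off + 42:
        return None
    ip = off + 2
    nxt, pos = frame[ip + 6], ip + 40
    while nxt in EXT_HEADERS:             # walk to the upper-layer header
        if len(frame) < pos + 8:
            return None
        nxt, pos = frame[pos], pos + (frame[pos + 1] + 1) * 8
    if nxt != ICMPV6 or len(frame) <= pos:
        return None
    return frame[pos]

def ra_guard(frame: bytes, ingress_port: str, uplink_ports: set) -> str:
    """Forward RAs only when they arrive on a designated uplink port."""
    if icmpv6_type(frame) == RA_TYPE and ingress_port not in uplink_ports:
        return "drop"
    return "forward"

def build_frame(icmp_type: int, dest_opts: bool = False) -> bytes:
    """Constructed sample frame: Ethernet + IPv6 (+ dest-options) + ICMPv6."""
    icmp = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    # Optional 8-byte destination-options header holding one PadN option.
    ext = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0]) if dest_opts else b""
    first = 60 if dest_opts else ICMPV6
    ip = struct.pack("!IHBB", 6 << 28, len(ext) + len(icmp), first, 255)
    ip += bytes.fromhex("fe80" + "00" * 13 + "01")   # constructed source
    ip += bytes.fromhex("ff02" + "00" * 13 + "01")   # all-nodes multicast
    eth = bytes.fromhex("333300000001") + bytes.fromhex("020000000001")
    return eth + struct.pack("!H", ETH_IPV6) + ip + ext + icmp

UPLINKS = {"Gi0/24"}   # hypothetical uplink port name
```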


