[170349] in North American Network Operators' Group
Re: IPv6 Security [Was: Re: misunderstanding scale]
daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Mar 26 14:17:52 2014
Date: Wed, 26 Mar 2014 13:17:26 -0500
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
In-Reply-To: <53331477.1070701@prgmr.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 3/26/2014 12:55 PM, Luke S. Crawford wrote:
>
> However, DHCPv6 isn't anywhere near as useful for me, as someone who
> normally deals with IPs that don't change, as DHCPv4 is.
>
My favorite is the RA thing. Years ago I decided that stupid DSLAMs were
better than smart ones, so I generally utilize 1 vlan per customer with
q-in-q and let the router handle all security. This meant I didn't have
the usual breakage smart DSLAMs had with IPv6. Ideally, the router would
run passive and not send regular RA updates. However, that isn't always
viable with all clients. Sending out regular announcements and
replicating them to all the vlans is extremely inefficient.
Jack
