[170452] in North American Network Operators' Group


Re: IPv6 Security [Was: Re: misunderstanding scale]

daemon@ATHENA.MIT.EDU (Jack Bates)
Thu Mar 27 14:14:52 2014

Date: Thu, 27 Mar 2014 13:14:30 -0500
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
In-Reply-To: <53345D91.6010301@prgmr.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 3/27/2014 12:19 PM, Luke S. Crawford wrote:
>
> This is a very common problem for dedicated hosting providers (and why 
> I give my dedicated hosts a vlan and a routed subnet, wasting IPv4.)
>
Implement what some DSL access providers do. Unnumbered interfaces with 
/32 routing to the vlan. The last I checked, I think a J can even get 
the /32 route from RADIUS when using autoconfig with RADIUS auth. We did 
similar things with IPv6, as well. proxy-arp/proxy-nd to handle the 
cross talk.

IOS 12.1 7206 confirmed. No autoconf, but static subinterfaces for each 
vlan (q-in-q supported or ATM), unnumbered to loopback. DHCPv4 and 
static routing work. IPv6 had issues, but could handle static /64 per 
subint.

ASR/J MX, autoconfig w/ RADIUS backend, manual subint/unit, or 
combination. DHCPv4 confirmed, static host routes confirmed. IPv6 not 
confirmed. RADIUS static host route establishment not confirmed. Still 
testing.



Jack
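
The static variant described in the message above (one VLAN subinterface per customer, unnumbered to a loopback, a /32 host route per customer, a static /64 per subinterface), as an added example that is not part of the original post: a small Python generator that validates the plan and emits IOS-style configuration. The function name `render_unnumbered`, the interface names, single-tag dot1Q encapsulation and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress

def render_unnumbered(loopback_cidr, parent_if, customers):
    """Return IOS-style config text (illustrative, constructed values).

    customers: list of (vlan_id, host_ipv4, ipv6_slash64_or_None).
    Every customer gets its own L2 segment but shares one IPv4 subnet.
    """
    lo = ipaddress.ip_interface(loopback_cidr)
    out = ["interface Loopback0", f" ip address {lo.ip} {lo.netmask}", "!"]
    routes, seen_vlans, seen_hosts = [], set(), set()
    for vlan, host, v6 in customers:
        addr = ipaddress.ip_address(host)
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} out of range")
        if vlan in seen_vlans or addr in seen_hosts:
            raise ValueError(f"duplicate VLAN or host: {vlan} {host}")
        # The host must sit in the shared subnet and not be the gateway.
        if addr not in lo.network or addr == lo.ip:
            raise ValueError(f"{host} must be in {lo.network}, not {lo.ip}")
        seen_vlans.add(vlan)
        seen_hosts.add(addr)
        sub = f"{parent_if}.{vlan}"
        out += [f"interface {sub}",
                f" encapsulation dot1Q {vlan}",
                " ip unnumbered Loopback0",
                # proxy-arp answers for neighbours that live on other VLANs
                " ip proxy-arp"]
        if v6 is not None:
            net = ipaddress.ip_network(v6)
            if net.version != 6 or net.prefixlen != 64:
                raise ValueError(f"{v6} is not an IPv6 /64")
            out.append(f" ipv6 address {net[1]}/64")
        out.append("!")
        # Host route pins the address to exactly one subinterface.
        routes.append(f"ip route {addr} 255.255.255.255 {sub}")
    return "\n".join(out + routes)

if __name__ == "__main__":
    # Constructed sample plan using documentation address ranges.
    print(render_unnumbered("192.0.2.1/24", "GigabitEthernet0/1", [
        (101, "192.0.2.10", "2001:db8:0:101::/64"),
        (102, "192.0.2.11", None),
    ]))
```
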

