[177058] in North American Network Operators' Group
Re: Estonian IPv6 deployment report
daemon@ATHENA.MIT.EDU (Enno Rey)
Sat Dec 27 11:38:36 2014
X-Original-To: nanog@nanog.org
Date: Sat, 27 Dec 2014 17:37:33 +0100
From: Enno Rey <erey@ernw.de>
To: nanog@nanog.org
In-Reply-To: <549EDB11.2040807@abundo.se>
Errors-To: nanog-bounces@nanog.org
Hi,
On Sat, Dec 27, 2014 at 05:15:13PM +0100, Anders L??winger wrote:
> On 2014-12-22 16:27, Tarko Tikan wrote:
>
> > Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is
> > deployed in shared service vlans. IPv6 traffic shares vlan with IPv4.
>
> How do you protect customers from each other?
>
> There are many nasty IPv6 attacks you can do when on a shared VLAN.
true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.
and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).
best
Enno
>
> /Anders
>
--
Enno Rey
ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================
