[177059] in North American Network Operators' Group
RE: Estonian IPv6 deployment report
daemon@ATHENA.MIT.EDU (Phil Bedard)
Sat Dec 27 11:42:14 2014
X-Original-To: nanog@nanog.org
To: =?utf-8?Q?Anders_L=C3=B6winger?= <anders@abundo.se>, <nanog@nanog.org>
From: Phil Bedard <bedard.phil@gmail.com>
Date: Sat, 27 Dec 2014 11:41:55 -0500
In-Reply-To: <549EDB11.2040807@abundo.se>
Errors-To: nanog-bounces@nanog.org
The access boxes and BNG typically have protection mechanisms in place. Al=
so even though customers are in a shared VLAN and IP subnet they aren't typ=
ically on the same broadcast domain. In the case of active Ethernet you us=
e things like private Vlans or other access controls. =20
Phil
-----Original Message-----
From: "Anders L=C3=B6winger" <anders@abundo.se>
Sent: =E2=80=8E12/=E2=80=8E27/=E2=80=8E2014 11:17 AM
To: "nanog@nanog.org" <nanog@nanog.org>
Subject: Re: Estonian IPv6 deployment report
On 2014-12-22 16:27, Tarko Tikan wrote:
> Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service=
is
> deployed in shared service vlans. IPv6 traffic shares vlan with IPv4.
How do you protect customers from each other?
There are many nasty IPv6 attacks you can do when on a shared VLAN.
/Anders
