[180775] in North American Network Operators' Group
Re: Android (lack of) support for DHCPv6
daemon@ATHENA.MIT.EDU (Masataka Ohta)
Wed Jun 10 11:30:35 2015
X-Original-To: nanog@nanog.org
Date: Thu, 11 Jun 2015 00:30:07 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: nanog@nanog.org
In-Reply-To: <CAKGbBm=kfKsmEWaiS-5Wm=Z8Xb=qCnbZR+WzeBHrSmXJYd2avg@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
Lorenzo Colitti wrote:
> It's not the *only* option. There are large networks - O(100k) IPv6 nodes -
> that do ND monitoring for accountability, and it does work for them. Many
> devices support this via syslog, even. As you can imagine, my Android
> device gets IPv6 at work, even though it doesn't support DHCPv6. Other
> universities, too. It's obviously not your chosen or preferred mechanism,
> but it does work.
Considering that a DOS attack from a node using a lot of addresses to
effectively disable logging, SLAAC must not be used, unless maximum N,
the maximum number of addresses for a node to have, is standardized (
assuming a node is securely identified through the first hop security,
which is necessary to enforce the number of addresses used by each node).
Masataka Ohta
