nanog mailing list archives
Re: v6 subnet size for DSL & leased line customers
From: Tony Li <tony.li () tony li>
Date: Wed, 26 Dec 2007 10:22:07 -0800
On Dec 26, 2007, at 8:26 AM, Leo Bicknell wrote:
> In a message written on Tue, Dec 25, 2007 at 12:43:45AM -0500, Kevin Loch wrote:
>> RA is a shotgun. All hosts on a segment get the same gateway. I have no idea what a host on multiple segments with different gateways would do. Hosting environments can get complex thanks to customer
>
> I would like to point out that in IPv4 we have ICMP Router Advertisement messages. I have never seen them used on a production network. I know one of the worries is security, that a compromised host could send out advertisements, drawing traffic to it that it can then snoop and pass on to the real gateway. Having not looked in great detail, I am unclear if IPv6 has done something to fix this concern or not.
>
> Is this feature going to get turned off when the first worm comes along that spoofs RA's
It's unlikely that it will matter. In practice, ICMP router discovery died a long time ago, thanks to neglect. Host vendors didn't adopt it, and it languished. The problem eventually got solved with HSRP and its clone, VRRP.
This doesn't resolve the real underlying problem: Ethernet is inherently insecure. MAC addresses can be forged, protocols (ARP, ND) can be forged and at this point, there's not much that we can do about it. Architecturally, we need authentication over each and every control plane packet sent. Getting there without invoking the full complexity of a public key infrastructure is still an unsolved problem, AFAIK.
Tony