nanog mailing list archives

Re: NIST IPv6 document


From: Phil Regnauld <regnauld () nsrc org>
Date: Wed, 5 Jan 2011 18:57:50 +0100

Jeff Wheeler (jsw) writes:
are badly needed.  The largest current routing devices have room for
about 100,000 ARP/NDP entries, which can be used up in a fraction of a
second with a gigabit of malicious traffic flow.  What happens after
that is the problem, and we need to tell our vendors what knobs we
want so we can "choose our own failure mode" and limit damage to one
interface/LAN.

        Well there are *some* knobs:

        http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1369018

        Not very smart, as it just controls how fast you run out of entries.

        I haven't read all entries in this thread yet, but I wonder if
        http://tools.ietf.org/html/draft-jiang-v6ops-nc-protection-01 has been
        mentioned?

        Seems also that this topic has been brought up here a year ago give
        or take a couple of weeks:

        http://www.mail-archive.com/nanog@nanog.org/msg18841.html


        Cheers,
        Phil
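
The failure mode discussed in this message, as an added example that is not part of the original post: a toy Python model of a router neighbor table, comparing one shared pool with a per-interface cap. The interface names, the 20,000-entry cap, the 84-byte on-wire frame size and the refuse-when-full behaviour are assumptions of the sketch, not any vendor's implementation.

```python
# Added illustration: toy model of a router neighbor (ARP/NDP) table.
# Interface names, the cap value and the refuse-when-full policy are assumptions.
from collections import Counter

TABLE_CAPACITY = 100_000          # figure quoted in the thread
WIRE_BITS_PER_MIN_FRAME = 84 * 8  # assumed: 64-byte frame + preamble + inter-frame gap


def seconds_to_fill(capacity=TABLE_CAPACITY, link_bps=1_000_000_000):
    """Time for minimum-size frames, each to a new address, to fill the table."""
    return capacity / (link_bps / WIRE_BITS_PER_MIN_FRAME)


class NeighborTable:
    def __init__(self, capacity, per_interface_cap=None):
        self.capacity = capacity
        self.per_interface_cap = per_interface_cap
        self.entries = {}          # (interface, host id) -> resolution state
        self.per_if = Counter()    # entries currently held per interface
        self.refused = Counter()   # resolutions refused per interface

    def resolve(self, interface, host_id):
        """Try to create an entry; return True if the table holds one afterwards."""
        key = (interface, host_id)
        if key in self.entries:
            return True
        over_cap = (self.per_interface_cap is not None
                    and self.per_if[interface] >= self.per_interface_cap)
        if over_cap or len(self.entries) >= self.capacity:
            self.refused[interface] += 1   # assumed failure mode: refuse new entries
            return False
        self.entries[key] = "INCOMPLETE"
        self.per_if[interface] += 1
        return True


def run(per_interface_cap, capacity=TABLE_CAPACITY, sweep=150_000, hosts=200):
    """Sweep unused host ids on 'lan-a', then count 'lan-b' hosts that still resolve."""
    table = NeighborTable(capacity, per_interface_cap)
    for host_id in range(sweep):   # host ids stand in for addresses within a /64
        table.resolve("lan-a", host_id)
    ok = sum(table.resolve("lan-b", h) for h in range(1, hosts + 1))
    return ok, table.per_if["lan-a"]


if __name__ == "__main__":
    print(f"fill time at 1 Gbit/s: {seconds_to_fill():.3f} s")
    print("shared table, no cap   :", run(None))
    print("per-interface cap 20000:", run(20_000))
```

With the shared pool the sweep on one LAN leaves no room for the other LAN's hosts; with the cap the refusals stay on the swept interface.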

