nanog mailing list archives

Re: NIST IPv6 document


From: "Miquel van Smoorenburg" <mikevs () xs4all net>
Date: Thu, 6 Jan 2011 16:55:25 +0100

In article <AANLkTin10qow6Tt+YMfX8OienxixCqH57movhRj3uvSZ () mail gmail com> you write:
> On Thu, Jan 6, 2011 at 4:32 AM, Joel Jaeggli <joelja () bogus com> wrote:
>> Which at a minimum is why you want to police the number of nd messages
>> that the device sends and unreachable entries do not simply fill up the
>> nd cache, such that new mappings in fact can be learned because there
>
> Your solution is to break the router (or subnet) with a policer,
> instead of breaking it with a full table.  That is not better; both
> result in a broken subnet or router.  If NDP requires an NDCache with
> "incomplete" entries to learn new adjacencies, then preventing it from
> filling up will ... prevent it from learning new adjacencies.  Do you
> see how this is not a solution?

If all nodes implemented RFC4620 (IPv6 Node Information Queries),
then you could ratelimit ND queries and, when ratelimiting,
just regularly (say every few seconds) refresh the neighbor list
with a multicast NI Node Addresses Query.

In fact a router can still do this, it's just the nodes that do not
implement RFC4620 that suffer the most, and perhaps that will serve
as an incentive to get RFC4620 implemented on those nodes.

Mike.
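
An added illustration, not part of the message above or of any code from the thread: a toy per-second model of a router facing a scan of nonexistent addresses, comparing an ND policer alone with the same policer plus a periodic multicast NI refresh. The function name `simulate`, all rates and host counts are constructed assumptions, and cache expiry and NUD are ignored.

```python
import random

def simulate(seconds=10, hosts=200, scan_pps=10000, legit_pps=50,
             ns_budget_pps=100, ni_refresh_every=None, ni_capable=1.0, seed=1):
    """Return the fraction of legitimate packets the router could forward.

    Simplified model (assumption): each second the policer allows
    ns_budget_pps neighbor solicitations; a packet for an uncached
    address is dropped when the budget is spent.
    """
    rng = random.Random(seed)
    # Hosts that would answer an RFC 4620 Node Addresses Query.
    capable = {h for h in range(hosts) if rng.random() < ni_capable}
    cache = set()                      # resolved neighbors
    delivered = total = 0
    for t in range(seconds):
        if ni_refresh_every and t % ni_refresh_every == 0:
            cache |= capable           # one multicast query, replies fill the cache
        # None marks a scan packet aimed at an address nobody owns.
        arrivals = [None] * scan_pps
        arrivals += [rng.randrange(hosts) for _ in range(legit_pps)]
        rng.shuffle(arrivals)
        tokens = ns_budget_pps
        for dst in arrivals:
            if dst is None:
                if tokens:
                    tokens -= 1        # solicitation sent, never answered
                continue
            total += 1
            if dst in cache:
                delivered += 1
            elif tokens:
                tokens -= 1            # real host answers and gets cached
                cache.add(dst)
                delivered += 1
    return delivered / total

def compare():
    """Policer only, policer + NI refresh, and refresh with half the hosts capable."""
    return (simulate(),
            simulate(ni_refresh_every=2),
            simulate(ni_refresh_every=2, ni_capable=0.5))

if __name__ == "__main__":
    print("policer only / NI refresh / half NI-capable: %.2f %.2f %.2f" % compare())
```

In this model the policer alone leaves almost all legitimate traffic unresolved while the scan runs, and with the refresh the loss falls on the hosts that do not answer NI queries.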

