nanog mailing list archives

Re: Automatic IPv6 due to broadcast


From: Chuck Anderson <cra () WPI EDU>
Date: Mon, 23 Apr 2012 09:25:25 -0400

On Mon, Apr 23, 2012 at 12:24:53AM -0700, Owen DeLong wrote:
On Apr 22, 2012, at 10:30 PM, Jimmy Hess wrote:
Particularly good L2 switches also have DAI or "IP Source guard" IPv4
functions, which when properly enabled, can foil certain L2 ARP and
IPv4 source address spoofing attacks, respectively.


e.g. Source IP address of packet does not match one of the DHCP leases
issued to that port -- then drop the packet.


Meh... I can see many cases where that might be more of a bug than feature.

Especially in environments where loops may be possible and the DHCP lease might
have come over a different path than the port in question during some network event.

You're only supposed to use those features on the port directly
connected to the end-system, or to a few end-systems via an unmanaged
office switch that doesn't have redundant uplinks.  I.e. edge ports.
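An added illustration of the edge-port-only scoping described above, not configuration from anyone in this thread: Cisco IOS DHCP snooping, IP Source Guard and DAI with the uplink trusted and the guard applied only on the access port. The interface names and VLAN 10 are assumed.

```cisco
! Added example, not from the thread. Interface names and VLAN are assumed.
! Global: build the DHCP binding table that Source Guard and DAI check against.
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
! --- Misapplied: guard on the uplink. Leases learned via another path never
! --- bind to this port, so legitimate traffic is dropped during a topology change.
interface GigabitEthernet1/0/48
 description Uplink to distribution (redundant path)
 switchport mode trunk
 ip verify source
!
! --- Correct: uplink is trusted, no source guard, so bindings learned upstream
! --- (or over an alternate path after a reconvergence) are accepted.
interface GigabitEthernet1/0/48
 description Uplink to distribution (redundant path)
 switchport mode trunk
 no ip verify source
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- Edge port: one end-system (or a small unmanaged office switch with a
! --- single uplink). Untrusted for DHCP/ARP; source IP must match a lease here.
interface GigabitEthernet1/0/1
 description End-system edge port
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 ip dhcp snooping limit rate 15
 ip verify source
!
! Verification: confirm bindings exist before enabling the guard on a port,
! and watch for drops that indicate a port was wrongly treated as an edge port.
! show ip dhcp snooping binding
! show ip verify source
! show ip arp inspection statistics vlan 10
```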

