nanog mailing list archives

Re: Estonian IPv6 deployment report


From: Enno Rey <erey () ernw de>
Date: Sat, 27 Dec 2014 17:37:33 +0100

Hi,

On Sat, Dec 27, 2014 at 05:15:13PM +0100, Anders Löwinger wrote:
> On 2014-12-22 16:27, Tarko Tikan wrote:
>
>> Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is
>> deployed in shared service vlans. IPv6 traffic shares vlan with IPv4.
>
> How do you protect customers from each other?
>
> There are many nasty IPv6 attacks you can do when on a shared VLAN.

true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.
and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).

best

Enno

> /Anders


-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================

