nanog mailing list archives
Re: IPv6 first hop security on a budget?
From: Saku Ytti <saku () ytti fi>
Date: Sat, 11 Nov 2017 14:00:47 +0900
Not suggesting there is no use case of RA Guard, DHCP6 Snooping, ICMP6 snooping, as I deployed IPv4 equivalent pretty much the day they were available on 3560. You might want to consider de-perimeterisation. Do you offer way to connect to intranet from Internet? If so, why not use same method in office, and have equivalent 0 trust on office infra? Additional benefit is OPEX reduction by not having users submit tickets 'X works from VPN but not from office' and vice versa. On 6 May 2017 at 08:27, Joel Whitehouse <code () joelwhitehouse com> wrote:
What's a good budget option for switching a small lab or office ipv6 with RA Guard, DHCP6 snooping, and ICMP6 snooping?
-- ++ytti
Current thread:
- Re: IPv6 first hop security on a budget? Fernando Gont (Nov 10)
- Re: IPv6 first hop security on a budget? joel jaeggli (Nov 10)
- <Possible follow-ups>
- Re: IPv6 first hop security on a budget? Saku Ytti (Nov 10)