nanog mailing list archives

Re: IPv6 first hop security on a budget?

From: Saku Ytti <saku () ytti fi>
Date: Sat, 11 Nov 2017 14:00:47 +0900

Not suggesting there is no use case of RA Guard, DHCP6 Snooping, ICMP6
snooping, as I deployed IPv4 equivalent pretty much the day they were
available on 3560.

You might want to consider de-perimeterisation. Do you offer way to
connect to intranet from Internet? If so, why not use same method in
office, and have equivalent 0 trust on office infra? Additional
benefit is OPEX reduction by not having users submit tickets 'X works
from VPN but not from office' and vice versa.

On 6 May 2017 at 08:27, Joel Whitehouse <code () joelwhitehouse com> wrote:

What's a good budget option for switching a small lab or office ipv6 with RA
Guard, DHCP6 snooping, and ICMP6 snooping?




-- 
  ++ytti

Current thread:

Re: IPv6 first hop security on a budget? Fernando Gont (Nov 10)
- Re: IPv6 first hop security on a budget? joel jaeggli (Nov 10)
- <Possible follow-ups>
- Re: IPv6 first hop security on a budget? Saku Ytti (Nov 10)