nanog mailing list archives
Re: IPv6 first hop security on a budget?
From: joel jaeggli <joelja () bogus com>
Date: Sat, 11 Nov 2017 14:28:03 +0800
On 11/11/17 09:14, Fernando Gont wrote:
On 05/05/2017 08:27 PM, Joel Whitehouse wrote:What's a good budget option for switching a small lab or office ipv6 with RA Guard, DHCP6 snooping, and ICMP6 snooping?If you do deploy this, please take a look at the issues discussed in RFC7113. Similar stuff is likely to apply to DHCPv6 snooping et al.
experiences vary, if you're looking to experience them first hand, warts implementation details and all, juniper ex2300c, cisco 3560cx are both small variants of both providers lower-end layer2/3 switches and are relatively inexpensive, fairly feature rich platforms. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960cx_3650cx/software/release/15-2_3_e/configuration/guide/b_1523e_consolidated_2960cx_3560cx_cg/b_consolidated_152ex_2960-X_cg_chapter_0110000.pdf https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/router-advertisement-guard-edit-fo.html joel
Thanks! Best regards,
Current thread:
- Re: IPv6 first hop security on a budget? Fernando Gont (Nov 10)
- Re: IPv6 first hop security on a budget? joel jaeggli (Nov 10)
- <Possible follow-ups>
- Re: IPv6 first hop security on a budget? Saku Ytti (Nov 10)