nanog mailing list archives
RE: IPv6 delivery model to end customers
From: Mikael Abrahamsson <swmike () swm pp se>
Date: Mon, 9 Feb 2009 09:20:41 +0100 (CET)
On Mon, 9 Feb 2009, Pekka Savola wrote:
I may be missing something. "only have ethernet and IP". Why is plain-ethernet with each subscriber provisioned in a separate router's vlan subinterface insufficient? There is no security issue because each subscriber only sees its own traffic.
It's rare that this is the way it's done. Most ETTH deployments I know use one of these deployment scenarios:

1. One vlan per customer (not so often) plus uRPF-like behaviour.
2. Shared broadcast domain with L2 devices doing one or several of:
   2.1 Forced forwarding towards router.
   2.2 ARP inspection
   2.3 DHCP server protection (stops customers from running DHCP server)
   2.4 Spoofing filters by means of DHCP snooping (both L2 and L3)
   2.5 STP root guard
   2.6 MAC rewrite
   2.7 Ethertype filtering
   Plus more I can't think of right now.

It's scenario 2 I'm worried about, all those mechanisms haven't been implemented for IPv6 as far as I know and if you're only doing 2.2-2.5 then you're open to the IPv6 security issue I described.
-- Mikael Abrahamsson email: swmike () swm pp se