nanog mailing list archives
Re: IPv6 Confusion
From: Nathan Ward <nanog () daork net>
Date: Thu, 19 Feb 2009 11:39:24 +1300
On 19/02/2009, at 11:20 AM, Adrian Chadd wrote:
> On Thu, Feb 19, 2009, Nathan Ward wrote:
>
>> So, those people don't use DHCP in IPv4 if this is a concern, so I'm guessing they are not hoping to use DHCPv6 either. Static configuration of IP addressing information and other configuration will work just fine for them. I wonder, do they use ARP?
>
> In the corporate world, you get wonderful L2/L3 features in switches, such as:
>
> * helper address stuff, to run centralised DHCP servers
> * dhcp sniffing/filtering
> * per port L2/L3 filters
> * dynamic arp inspection
>
> which are used on corporate LANs to both build out scalable address management platforms (ie, no need to run a DHCP server on each subnet, nor one DHCP server with separate vlan if's to provide service), control access and mitigate security risks.
>
> I don't know what the IPv6 LAN "snooping" functionality is across vendors but the last time I checked this out (say, 2-3 years ago) it was pretty lacking.

Yep. You asked your vendors to support equivalent IPv6 things at the time though, so when you roll out IPv6 the support is ready, right?
The point is that these deficiencies exist in IPv4, and I'm not sure how you would solve them in IPv6 (assuming you can make all the changes you want, and get instant industry-wide support) any better than you solve them in IPv4.
My view is that this is an ethernet switch thing, not a problem with the L3 protocols.
Are there IETF documents on the above L2/L3 features for dealing with these problems in IPv4? I have not seen any. There probably should be some though..

>> The things you are talking about are about protecting against misconfiguration, not about protecting against malicious people.
>
> See above.

Yep.

--
Nathan Ward