nanog mailing list archives
RE: IPv6 Deployment for the LAN
From: "TJ" <trejrco () gmail com>
Date: Sun, 18 Oct 2009 07:55:36 -0400
"This is a real problem even for people who are not using IPv6 right now and have no desire to use IPv6 yet, because Rogue RAs will redirect all IPv6 traffic to a rogue box on the LAN"

Answer = "RA Guard" - push your vendor-of-choice to implement it :).

/TJ

-----Original Message-----
From: Chuck Anderson [mailto:cra () WPI EDU]
Sent: Sunday, October 18, 2009 4:52 AM
To: nanog () nanog org
Subject: Re: IPv6 Deployment for the LAN

<snip>

Unfortunately, no. Many/most LAN switches don't support filtering IPv6 traffic yet. Of those that do, most only support TCP/UDP ports but not ICMPv6 types or RA specifically. Therefore, right now it is probably easier to find support to filter DHCPv6 (udp source port 547) than it is to find support to filter RA.

This is a real problem even for people who are not using IPv6 right now and have no desire to use IPv6 yet, because Rogue RAs will redirect all IPv6 traffic to a rogue box on the LAN, breaking access to dual-stack servers on the Internet. The impact is worse when you start trying to roll out IPv6 dual-stack to selected servers on your own LAN.
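The distinction drawn in the quoted message, as an added example that is not part of the original e-mails: DHCPv6 server traffic can be matched on UDP source port 547, but a Router Advertisement has no ports and has to be matched on Next Header 58 and ICMPv6 type 134, including when an extension header sits in front of it. The router allowlist, the addresses and the packets are constructed for illustration.

```python
import ipaddress
import struct
ICMPV6, UDP = 58, 17               # IPv6 Next Header values
RA_TYPE = 134                      # ICMPv6 type: Router Advertisement
DHCPV6_SERVER_PORT = 547           # UDP source port named in the message
EXT_HEADERS = {0, 43, 60}          # hop-by-hop, routing, destination options

def classify(packet, allowed_routers):
    """Return 'ra-allowed', 'ra-rogue', 'dhcpv6-server' or 'other' for a raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "other"
    next_header, offset = packet[6], 40
    src = ipaddress.IPv6Address(packet[8:24])
    # Walk extension headers so the upper-layer header is read at the right offset.
    while next_header in EXT_HEADERS and offset + 8 <= len(packet):
        next_header, ext_len = packet[offset], packet[offset + 1]
        offset += 8 * (ext_len + 1)
    if next_header == ICMPV6 and offset < len(packet):
        # ICMPv6 has no ports: the only discriminator is the type byte.
        if packet[offset] != RA_TYPE:
            return "other"
        return "ra-allowed" if src in allowed_routers else "ra-rogue"
    if next_header == UDP and offset + 2 <= len(packet):
        (sport,) = struct.unpack_from("!H", packet, offset)
        return "dhcpv6-server" if sport == DHCPV6_SERVER_PORT else "other"
    return "other"

def build(src, next_header, body):
    """Build a constructed IPv6 packet to ff02::1 (checksums left as zero)."""
    header = struct.pack("!IHBB", 0x60000000, len(body), next_header, 255)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed + body

# Constructed sample data: fe80::1 is the assumed legitimate router.
ALLOWED = {ipaddress.IPv6Address("fe80::1")}
RA = bytes([RA_TYPE, 0, 0, 0]) + bytes(12)
DEST_OPTS = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])   # 8-byte header holding one PadN option
DHCPV6 = struct.pack("!HHHH", DHCPV6_SERVER_PORT, 546, 8, 0)
SAMPLES = {
    "router RA": build("fe80::1", ICMPV6, RA),
    "unknown RA": build("fe80::dead", ICMPV6, RA),
    "unknown RA after dest-opts": build("fe80::dead", 60, DEST_OPTS + RA),
    "DHCPv6 server reply": build("fe80::dead", UDP, DHCPV6),
}

def classify_samples():
    return {name: classify(pkt, ALLOWED) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print(classify_samples())
```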