nanog mailing list archives

Re: quietly....

From: Mohacsi Janos <mohacsi () niif hu>
Date: Thu, 3 Feb 2011 09:45:29 +0100 (CET)




On Wed, 2 Feb 2011, Tony Finch wrote:

On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote:


Example: if you give administrators the option of putting a router
address in a DHCP option, they will do so and some fraction of the time,
this will be the wrong address and things don't work. If you let routers
announce their presence, then it's virtually impossible that something
goes wrong because routers know who they are. A clear win.


Counterexample: rogue RAs from Windows boxes running 6to4 or Teredo and
Internet Connection Sharing. This is a lot harder to fix than a
misconfigured DHCP server.

http://malc.org.uk/6doom

Force your switch vendor to implement rogue RA filter (ra guard) in yourbox:


http://tools.ietf.org/html/draft-ietf-v6ops-ra-guard

Best Regards,
        Janos Mohacsi

Current thread:

Re: quietly...., (continued)
- - - Re: quietly.... Ricky Beam (Feb 02)
    - Re: quietly.... Lamar Owen (Feb 02)
    - Re: quietly.... Tony Finch (Feb 02)
    - Re: quietly.... Mark Andrews (Feb 02)
    - Re: quietly.... Nick Hilliard (Feb 02)
    - Re: quietly.... Randy Bush (Feb 02)
    - Re: quietly.... Tony Finch (Feb 02)
    - Re: quietly.... Jack Bates (Feb 02)
    - Re: quietly.... Owen DeLong (Feb 02)
    - Re: quietly.... Mark Smith (Feb 02)
    - Re: quietly.... Mohacsi Janos (Feb 03)
    - Re: quietly.... Jack Bates (Feb 02)
    - Re: quietly.... Randy Bush (Feb 02)
    - Re: quietly.... John Payne (Feb 02)
    - Re: quietly.... Valdis . Kletnieks (Feb 02)
    - Re: quietly.... Jeff Kell (Feb 02)
    - Re: quietly.... Mark Andrews (Feb 02)
    - Re: quietly.... Ricky Beam (Feb 02)
    - Re: quietly.... Mark Andrews (Feb 02)
    - Re: quietly.... Owen DeLong (Feb 02)
    - Re: quietly.... Valdis . Kletnieks (Feb 03)

(Thread continues...)