nanog mailing list archives

Re: NIST IPv6 document


From: Phil Regnauld <regnauld () nsrc org>
Date: Thu, 6 Jan 2011 11:41:17 +0100

Owen DeLong (owen) writes:

But, Jeff, if the router has a bunch of /24s attached to it and you scan
them all, the problem is much larger than 250 arp entries.

I think that's what Phil was getting at.
        
        And so did Joel.  If you've got a crapload of VLANs attached to a box,
        and you're routing these for customers (say, virtual firewall instances),
        you'll see this easily.

        I do understand the argument that sweeping a /64 will mean more L3->L2
        lookups for directly connected subnets than in v4, but the problem domain
        remains the same, and I think it's been already explained here that there
        are various strategies to mitigate this.
        
        Additionally I believe the size of typical recommended IPv6 space will
        probably discourage idle scanning, though this may change as the resources
        available increase, as Joe G. pointed out.  If it does not, we'll have to
        address it if the existing mitigation techniques aren't sufficient.

        Phil

