nanog mailing list archives

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

From: Benson Schliesser <bensons () queuefull net>
Date: Tue, 12 Jul 2011 18:57:04 -0500


On Jul 11, 2011, at 7:19 PM, Jeff Wheeler wrote:

Again, this is only hard to understand (or accept) if you don't know
how your routers work.
* why do you think there is an ARP and ND table?
* why do you think there are policers to protect the CPU from
excessive ARP/ND punts or traffic?
* do you even know the limit of your boxes' ARP / ND tables?  Do you
realize that limit is a tiny fraction of one /64?
* do you understand what happens when your ARP/ND policers are reached?
* did you think about the impact on neighboring routers and protocol
next-hops, not just servers?
* did you every try to deploy a /16 on a flat LAN with a lot of hosts
and see what happens?  Doesn't work too well.  A v6 /64 is 281
trillion times bigger than a v4 /16.  There's no big leap of logic
here as to why one rogue machine could break your LAN.


FYI, in case you're interested in these topics, the IETF working group ARMD was chartered to explore address resolution 
scale.  I'm one of the co-chairs.  It's in the Operations Area, and we'd love to have more operators involved - if 
you're willing to contribute, your input will help set the direction.  (If operators don't contribute, it will be just 
another vendor-led circle... well, you know the score.)

For details please see http://tools.ietf.org/wg/armd/charters.

Cheers,
-Benson

Current thread:

Re: NDP DoS attack, (continued)
- - - Re: NDP DoS attack Florian Weimer (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) William Herrin (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jeff Wheeler (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jeff Wheeler (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) William Herrin (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
    - Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Jeff Wheeler (Jul 11)
    - Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Owen DeLong (Jul 11)
    - Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Benson Schliesser (Jul 12)
    - Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) William Herrin (Jul 11)
    - RE: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Ronald Bonica (Jul 12)
    - Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Leo Bicknell (Jul 12)
    - Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Cameron Byrne (Jul 12)
    - in defense of lisp (was: Anybody can participate in the IETF) Randy Bush (Jul 12)
    - Re: in defense of lisp (was: Anybody can participate in the IETF) Cameron Byrne (Jul 12)
    - Re: in defense of lisp (was: Anybody can participate in the IETF) Randy Bush (Jul 12)
    - Re: in defense of lisp (was: Anybody can participate in the IETF) Jeff Wheeler (Jul 13)
    - Re: in defense of lisp (was: Anybody can participate in the IETF) Randy Bush (Jul 13)
    - Re: in defense of lisp (was: Anybody can participate in the IETF) Scott Brim (Jul 13)

(Thread continues...)