nanog mailing list archives
Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)
From: Benson Schliesser <bensons () queuefull net>
Date: Tue, 12 Jul 2011 18:57:04 -0500
On Jul 11, 2011, at 7:19 PM, Jeff Wheeler wrote:
Again, this is only hard to understand (or accept) if you don't know how your routers work. * why do you think there is an ARP and ND table? * why do you think there are policers to protect the CPU from excessive ARP/ND punts or traffic? * do you even know the limit of your boxes' ARP / ND tables? Do you realize that limit is a tiny fraction of one /64? * do you understand what happens when your ARP/ND policers are reached? * did you think about the impact on neighboring routers and protocol next-hops, not just servers? * did you every try to deploy a /16 on a flat LAN with a lot of hosts and see what happens? Doesn't work too well. A v6 /64 is 281 trillion times bigger than a v4 /16. There's no big leap of logic here as to why one rogue machine could break your LAN.
FYI, in case you're interested in these topics, the IETF working group ARMD was chartered to explore address resolution scale. I'm one of the co-chairs. It's in the Operations Area, and we'd love to have more operators involved - if you're willing to contribute, your input will help set the direction. (If operators don't contribute, it will be just another vendor-led circle... well, you know the score.) For details please see http://tools.ietf.org/wg/armd/charters. Cheers, -Benson
Current thread:
- Re: NDP DoS attack, (continued)
- Re: NDP DoS attack Florian Weimer (Jul 17)
- Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) William Herrin (Jul 17)
- Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jeff Wheeler (Jul 17)
- Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
- Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jeff Wheeler (Jul 17)
- Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
- Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) William Herrin (Jul 17)
- Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
- Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Jeff Wheeler (Jul 11)
- Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Owen DeLong (Jul 11)
- Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Benson Schliesser (Jul 12)
- Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) William Herrin (Jul 11)
- RE: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Ronald Bonica (Jul 12)
- Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Leo Bicknell (Jul 12)
- Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?) Cameron Byrne (Jul 12)
- in defense of lisp (was: Anybody can participate in the IETF) Randy Bush (Jul 12)
- Re: in defense of lisp (was: Anybody can participate in the IETF) Cameron Byrne (Jul 12)
- Re: in defense of lisp (was: Anybody can participate in the IETF) Randy Bush (Jul 12)
- Re: in defense of lisp (was: Anybody can participate in the IETF) Jeff Wheeler (Jul 13)
- Re: in defense of lisp (was: Anybody can participate in the IETF) Randy Bush (Jul 13)
- Re: in defense of lisp (was: Anybody can participate in the IETF) Scott Brim (Jul 13)