nanog mailing list archives

Re: NDP DoS attack

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 17 Jul 2011 11:48:25 +0200

* Mikael Abrahamsson:

On Sun, 17 Jul 2011, Florian Weimer wrote:

In practice, the IPv4 vs IPv6 difference is that some vendors
provide DHCP snooping, private VLANs and unicast flood protection in
IPv4 land, which seems to provide a scalable way to build Ethernet
networks with address validation---but there is nothing comparable
for IPv6 right now, from any vendor.


That is not true. Check out work and reports from the IETF SAVI
WG. There are actually quite a few implementations out there, being
used in production.


Others use tunnels, PPPoE or lots of scripting, so certainly something
can be done about it.  To my knowledge, SAVI SEND is still at a
similar stage.  Pointers to vendor documentation would be appreciated
if this is not the case.

And SAVI SEND is not the full story---it's still missing unicast flood
protection.

_____
NANOG mailing list
NANOG () nanog org
https://mailman.nanog.org/mailman/listinfo/nanog

Current thread:

Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)), (continued)
- - - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Fernando Gont (Jul 14)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jared Mauch (Jul 14)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jimmy Hess (Jul 14)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Fernando Gont (Jul 14)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 14)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Valdis . Kletnieks (Jul 15)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Dobbins, Roland (Jul 17)
    - Re: NDP DoS attack Florian Weimer (Jul 17)
    - Re: NDP DoS attack Dobbins, Roland (Jul 17)
    - Re: NDP DoS attack Mikael Abrahamsson (Jul 17)
    - Re: NDP DoS attack Florian Weimer (Jul 17)
    - Re: NDP DoS attack Mikael Abrahamsson (Jul 17)
    - Re: NDP DoS attack Florian Weimer (Jul 17)
    - Re: NDP DoS attack Mikael Abrahamsson (Jul 17)
    - Re: NDP DoS attack Florian Weimer (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) William Herrin (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jeff Wheeler (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Jeff Wheeler (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) Owen DeLong (Jul 17)
    - Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)) William Herrin (Jul 17)

(Thread continues...)