nanog mailing list archives
Re: IPv6 RA vs DHCPv6 - The chosen one?
From: Owen DeLong <owen () delong com>
Date: Tue, 3 Jan 2012 13:56:57 -0800
On Dec 23, 2011, at 1:23 PM, Jeff Wheeler wrote:
On Fri, Dec 23, 2011 at 4:13 PM, Mohacsi Janos <mohacsi () niif hu> wrote:If you can limit number of ARP/NDP entries per interfaces and you complement RAGuard and DHCPv4 snooping your are done.That depends on how ARP/ND gleaning works on the box. In short, Cisco already has a knob to limit the number of ND entries per interface on some of their kit, and it is not a solution, only a damage mitigation measure. http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
In the real world, sufficient damage prevention/mitigation qualifies as a solution. Owen
Current thread:
- Re: IPv6 RA vs DHCPv6 - The chosen one? Owen DeLong (Jan 03)
- <Possible follow-ups>
- Re: IPv6 RA vs DHCPv6 - The chosen one? Owen DeLong (Jan 03)
- Re: IPv6 RA vs DHCPv6 - The chosen one? Owen DeLong (Jan 03)
- Re: IPv6 RA vs DHCPv6 - The chosen one? Owen DeLong (Jan 03)
- Re: IPv6 RA vs DHCPv6 - The chosen one? Valdis . Kletnieks (Jan 03)