nanog mailing list archives
Re: Estonian IPv6 deployment report
From: Anders Löwinger <anders () abundo se>
Date: Sun, 28 Dec 2014 12:01:57 +0100
On 2014-12-27 17:37, Enno Rey wrote:
true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.
Yes. I'm aware of the various types of solutions for security in IPv6 with shared VLANs. I was curious of what solution they used.
and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).
In P2P-Eth you can always remove the CPE and connect your hacker PC instead, and then start to inject RAs. Depending on the network this will be handled or not. Now it sounds they have a good solution in place, no L2 between customer ports. /Anders
Current thread:
- Estonian IPv6 deployment report Tarko Tikan (Dec 22)
- Re: Estonian IPv6 deployment report Pavel Odintsov (Dec 22)
- Re: Estonian IPv6 deployment report Anders Löwinger (Dec 27)
- Re: Estonian IPv6 deployment report Tarko Tikan (Dec 27)
- Re: Estonian IPv6 deployment report Anders Löwinger (Dec 28)
- Re: Estonian IPv6 deployment report Tarko Tikan (Dec 28)
- Re: Estonian IPv6 deployment report Tarko Tikan (Dec 27)
- Re: Estonian IPv6 deployment report Enno Rey (Dec 27)
- Re: Estonian IPv6 deployment report Anders Löwinger (Dec 28)
- RE: Estonian IPv6 deployment report Phil Bedard (Dec 27)