nanog mailing list archives
Re: Yahoo and IPv6
From: Robert Drake <rdrake () direcpath com>
Date: Sat, 14 May 2011 23:01:46 -0400
On 5/10/2011 12:57 AM, Jeff Wheeler wrote:
Your suggestion has two main disadvantages: 1) it doesn't work on some platforms, because input ACL won't stop ND learn/solicit -- obviously this is bad 2) it requires you to configure a potentially large input ACL on every single interface on the box, and adjust that ACL whenever you provision more IPv6 addresses for end-hosts -- kinda like not having a control-plane filter, only worse
Might need to rewrite some portion of ND to do this, but can't a cookie be encoded in the ND packet and no state kept? That should reduce the problem to one of a packet flood which everyone already deals with now.
Sorry if this has been suggested/shot down before. The ND problems keep being mentioned and I never see this proposed and it seems like an obvious solution.
Robert
Current thread:
- Re: Yahoo and IPv6, (continued)
- Re: Yahoo and IPv6 Doug Barton (May 09)
- RE: Yahoo and IPv6 Tony Hain (May 09)
- Re: Yahoo and IPv6 Doug Barton (May 09)
- Re: Yahoo and IPv6 Jeff Wheeler (May 09)
- Finger pointing [was: Yahoo and IPv6] Patrick W. Gilmore (May 09)
- Re: Finger pointing [was: Yahoo and IPv6] Jeff Wheeler (May 09)
- Re: Yahoo and IPv6 Jared Mauch (May 09)
- Re: Yahoo and IPv6 Jeff Wheeler (May 09)
- Re: Yahoo and IPv6 Joel Maslak (May 09)
- Re: Yahoo and IPv6 Jeff Wheeler (May 09)
- Re: Yahoo and IPv6 Robert Drake (May 14)
- Re: Yahoo and IPv6 Owen DeLong (May 09)
- Re: Yahoo and IPv6 Igor Gashinsky (May 09)
- Re: Yahoo and IPv6 Owen DeLong (May 10)
- RE: Yahoo and IPv6 Tony Hain (May 10)
- Re: Yahoo and IPv6 Tore Anderson (May 11)
- Re: Yahoo and IPv6 Valdis . Kletnieks (May 10)
- Re: Yahoo and IPv6 Igor Gashinsky (May 10)
- Re: Yahoo and IPv6 Owen DeLong (May 10)
- Re: Yahoo and IPv6 Matthew Palmer (May 10)
- Re: Yahoo and IPv6 Owen DeLong (May 10)