The problem is that there is no mandatory mechinism to obtain IPv6 addresses from nodes. This severly limits the ability to manage IPv6 networks.
-----Original Message----- From: Jari Arkko [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 12:30 To: Pashby, Ronald W CTR NSWCDD-B35 Cc: ipv6@ietf.org Subject: Re: Solicit comments on draft-pashby-ipv6-network-discovery-00.txt Hi, Some quick comments: I think its valuable to work on limits to ensure that existing mechanisms don't cause denial-of-service or flooding. > Good > network security mandates good network management for detecting > unauthorized devices on the network. It would seem that the recommended mechanisms are capable of detecting only devices that are accidentally unauthorized, e.g., plugged to the wrong Ethernet connector. But it wouldn't appear to be able to detect malicious unauthorized devices, as those would likely not respond to such queries. Also, given that IND is not widely implemented (according to the draft), it would seem that whatever we do would have limited success within a network that has nodes that predate the suggested mandatory-to-implement requirement. So some of the accidentially unauthorized nodes would also be missed, if they are older. > This draft does not "add" that feature. The feature already exists. > (snip) > 2) Requiring all nodes implement Inverse Neighbor Discover with the > addidtion of the response holdoff timer. > The feature exists. But an all-nodes mandatory implementation requirement is additional functionality, and I'm not sure there's justification for that yet - but I admit that I did not follow the discussion in the last meeting about this, so I may be missing something. One approach would be to publish INDbis spec, but not make it mandatory for everyone. --Jari -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------