Sorry, I still don't get it. We need more detail!

Two things stand out:

> If two devices happen to have the same Ethernet MAC address as a
> consequence of incompetent manufacture, the link-local address derived
> for that interface will also be non-unique, provided it is derived
> from the EUI-64 identifier. This has been identified as an
> inconveniently frequent scenario (impacting ~4% of access nodes at any
> given time)

This 4% figure seems *very* high. Can you please provide more details
on how you reached that number?

Also, if you have two devices on the same link sharing the same MAC
address, you have problems. Period. Having duplicate IP addresses is
only one symptom. If you fix that problem, but still have duplicate
MAC addresses in use, it is not clear to me that your network will
function correctly. Have you done the analysis to be sure that the
duplicate MAC address scenario is something that is solvable in
practice?

> When numerous hosts share an Ethernet broadcast domain, the BNG/edge
> router needs to support a mechanism that ensures duplicate link-local
> addresses can be handled correctly without necessarily depending on
> cooperative action by the hosts
> 
> it is explicitly required to do something to make this happen

Again, it is not clear to me what "handling correctly" even means.

Finally, the charts say you are worried about a "malicious user"
sending out bogus ND packets. ND simply can't deal with this sort of
hostile environment, and there is no easy way to fix this. Is that
what you are asking this group to fix?

For that matter, ARP doesn't address this problem either. Is there a
new problem that shows up with IPv6 that didn't exist with IPv4? And
if not, what is wrong with using the IPv4 solutions (assuming they
exist)?

Thomas
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
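
The quoted text above ties duplicate link-local addresses to duplicate MAC addresses through the EUI-64 identifier. As an added example (not part of the original message), the sketch below derives the modified EUI-64 link-local address per RFC 4291 Appendix A and flags records in one broadcast domain that yield the same address. The function names, VLAN/port labels and MAC values are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 link-local address (RFC 4291, Appendix A)."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Insert ff:fe between the OUI and the NIC-specific half, and invert
    # the universal/local bit (0x02) of the first octet.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    # fe80::/64 prefix (fe80 followed by 48 zero bits) plus the 64-bit IID.
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def find_collisions(sessions):
    """Return {(domain, address): [ports]} for addresses seen on >1 port.

    `sessions` is an iterable of (broadcast_domain, access_port, mac).
    """
    seen = defaultdict(set)
    for domain, port, mac in sessions:
        seen[(domain, eui64_link_local(mac))].add(port)
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) > 1}


# Constructed sample data: broadcast domain, access port, host MAC.
SESSIONS = [
    ("vlan100", "port1", "00:11:22:33:44:55"),
    ("vlan100", "port2", "00-11-22-33-44-55"),  # same MAC, different port
    ("vlan100", "port3", "00:11:22:33:44:56"),
    ("vlan200", "port4", "00:11:22:33:44:55"),  # same MAC, other domain
]

if __name__ == "__main__":
    for (domain, addr), ports in find_collisions(SESSIONS).items():
        print(f"{domain}: {addr} claimed on {', '.join(ports)}")
```

Only the two `vlan100` records collide: the same MAC in a different broadcast domain produces the same link-local address but is not on the same link.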
