On Thu, 9 Sep 2010, Fred Baker wrote:
Does that solve all problems? obviously not. It does limit the impact of certain classes of attacks. IP Source Guard, a feature from my company and also from some others, is essentially the same thing for IPv4, and appears to be popular in certain quarters.
Exactly. DHCPv4 inspection, forced-forwarding etc, all these make IPv4 deployable in low-cost L2 switch environment. This is the reason the same ISPs deploying the above would like to run completely without RAs (or at least block RAs from all customer ports) and rely completely on DHCPv6 for address hand-out, because then the L2 device can inspect this and implement filters.
-- Mikael Abrahamsson email: swm...@swm.pp.se -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
