In your letter dated Thu, 23 Sep 2010 13:03:35 +0200 (CEST) you wrote: >On Thu, 23 Sep 2010, Philip Homburg wrote: >> The CPE can then for example continue sending RS messages, and can >> terminate NS messages by always returning the concentrator's MAC >> address, etc. > >One cannot trust equipment under customer physical control. Ask the >creators of Sony PS3 and Microsoft Xbox 360 and ask them how easy it is.
I did not mean to trust the CPE. I mean that whatever layer violation you want done, can be hidden in the CPE instead of exposing it to the host (or router) behind it. For example, a host may react to redirects. But if the CPE simply filters out all redirects coming from the WAN, then the host does have to modified/configured to ignore them. Also, if you want to avoid sending NS messages over the WAN, then the CPE can remember the MAC address of the DHCP relay and fake that to the host as the MAC address of the default router. -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
