On Jun 22, 2011, at 4:41 AM, Mikael Abrahamsson wrote:

> On Wed, 22 Jun 2011, Mark Smith wrote:
>
>> It may be getting to the point where it'd probably be easier to address
>> these issues by taking away hosts' ability to multicast to other hosts on
>> the same segment i.e. switch to an NBMA/hub-and-spoke mode of LAN operation,
>> allowing the designated routers to also act as traffic sanitisers for
>> on-link inter-host traffic.
>
> I agree, that's the deployment model I advocate for hostile scenarios. Use
> DHCPv6 for stateful addressing, advertise default GW via RA, don't advertise
> any on-link prefix, and make sure hosts can't L2 communicate at all with each
> other by means of enforcement in switches (or just separate them into
> different L2 domains).

controller based wireless deployments can largely do this for ipv4 (and v6 to some extent) today. it's a fairly heavyweight approach for lightly managed networks.

> --
> Mikael Abrahamsson    email: swm...@swm.pp.se
> _______________________________________________
> v6ops mailing list
> v6...@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
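
The RA side of the deployment model quoted above (DHCPv6 for addressing, default gateway via RA, no on-link prefix) can be checked on the wire. The following is an added example, not part of the original thread: it audits the ICMPv6 bytes of a Router Advertisement against that model. The function names and the 2001:db8::/64 sample packets are constructed for illustration, and treating the A flag as a deviation is an assumption drawn from "stateful addressing".

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO = 134, 3          # RFC 4861 type codes
FLAG_M, FLAG_L, FLAG_A = 0x80, 0x80, 0x40  # RA Managed; prefix on-Link / Autonomous

def audit_ra(icmp: bytes) -> list:
    """List where an RA (ICMPv6 bytes, checksum not verified) departs from the model."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    findings = []
    if not icmp[5] & FLAG_M:
        findings.append("M flag clear: hosts are not directed to DHCPv6 for addresses")
    if struct.unpack_from("!H", icmp, 6)[0] == 0:
        findings.append("router lifetime 0: no default gateway is advertised")
    off = 16
    while off + 2 <= len(icmp):            # walk the type/length/value options
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option at offset %d" % off)
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix = "%s/%d" % (ipaddress.IPv6Address(icmp[off + 16:off + 32]), icmp[off + 2])
            if icmp[off + 3] & FLAG_L:
                findings.append(prefix + " has L set: hosts treat neighbours as on-link")
            if icmp[off + 3] & FLAG_A:     # assumption: SLAAC counts as a deviation
                findings.append(prefix + " has A set: SLAAC addresses bypass DHCPv6")
        off += opt_len
    return findings

def build_ra(flags: int, lifetime: int, options: bytes = b"") -> bytes:
    """Constructed sample RA: hop limit 64, zero checksum and timers."""
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, lifetime, 0, 0) + options

def prefix_opt(prefix: str, plen: int, flags: int) -> bytes:
    """Constructed Prefix Information option (valid 86400 s, preferred 14400 s)."""
    head = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, flags, 86400, 14400, 0)
    return head + ipaddress.IPv6Address(prefix).packed

# Constructed samples: the model from the thread, and a default SLAAC-style RA.
HARDENED = build_ra(FLAG_M, 1800)
SLAAC = build_ra(0, 1800, prefix_opt("2001:db8::", 64, FLAG_L | FLAG_A))

if __name__ == "__main__":
    for name, pkt in (("hardened", HARDENED), ("slaac", SLAAC)):
        print(name, audit_ra(pkt) or "matches the model")
```

This covers only what the router advertises; the switch-level isolation between hosts has to be verified separately.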