On Thu, 23 Jun 2011, Ray Hunter wrote:
too. But RA Guard should not be a prerequisite for reliably setting of a default route on Ethernet, simply because corporate LAN switches generally have to last 5-10 years or so before being replaced.
I don't see 5-10 year old LAN switches having any kind of capability of filtering just certain IPv6 packets. They might have the possibility of filtering all 0x86dd packet which is the sensible thing to do unless one can secure it by other means.
Securing L2 networks is something not generally done today in enterprise and surprisingly often in SP environments as well. This can be seen by all the problems reported by Windows ICS v6 RA:s being sent out and causing problems to other users (which in a properly build network it shouldn't have the capability of doing, because those packets should be filtered by the access network).
-- Mikael Abrahamsson email: swm...@swm.pp.se -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
