Occasionally the subject comes up: /64 (and SLAAC) is bad because it is
easy to DoS routers by getting them to perform too much ND.

At least in theory this seems to be a valid complaint. A router can (and
should) carefully allocate resources for ND to avoid having ND interfere with
other parts of the router's functionality.

But in the end, if the ND part of a router is overloaded and it needs to do
ND for a genuine neighbor, it may have to drop the packet.

So what I was thinking of: what if a router that is under attack would
periodically multicast to the all-nodes multicast address a message saying
"help I'm under attack"? Upon receiving such a message all nodes send a
neighbor solicitation to the router. This populates the router's neighbor
cache with entries for all of its neighbors, thus ensuring that normal traffic
can flow uninterrupted.


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
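
A small model of the idea in the message above, added here as an illustration and not part of the original post: a router with a fixed budget of unresolved ND entries, with and without the proposed alert. The budget, the scan rate, the host names and the alert itself are assumptions; no such ND message is defined.

```python
MAX_INCOMPLETE = 8   # assumed router budget for unresolved (INCOMPLETE) entries
RESOLVE_TICKS = 3    # MAX_MULTICAST_SOLICIT (3) x RETRANS_TIMER (1 s) from RFC 4861
SCAN_RATE = 20       # constructed load: packets per tick to unused addresses

class Router:
    def __init__(self):
        self.resolved = set()     # neighbors whose link-layer address is known
        self.incomplete = {}      # unresolved target -> tick at which ND gives up
        self.overloaded = False

    def expire(self, now):
        self.incomplete = {t: e for t, e in self.incomplete.items() if e > now}

    def forward(self, dst, now, dst_exists):
        """Return True if the packet is delivered, False if it is dropped."""
        if dst in self.resolved:
            return True
        if dst not in self.incomplete:
            if len(self.incomplete) >= MAX_INCOMPLETE:
                self.overloaded = True
                return False              # no ND resources left for this target
            self.incomplete[dst] = now + RESOLVE_TICKS
        if dst_exists:                    # a real neighbor answers the solicitation
            del self.incomplete[dst]
            self.resolved.add(dst)
        return dst_exists

    def on_solicitation(self, src):
        # An NS with a source link-layer address option yields a cache entry.
        self.incomplete.pop(src, None)
        self.resolved.add(src)

def simulate(alert_enabled, ticks=10, hosts=10):
    """Return (delivered, dropped) counts for genuine first-contact packets."""
    router, delivered, alerted = Router(), 0, False
    for now in range(ticks):
        router.expire(now)
        for i in range(SCAN_RATE):        # worst case: scan traffic arrives first
            router.forward(f"unused-{now}-{i}", now, dst_exists=False)
        if router.forward(f"host-{now % hosts}", now, dst_exists=True):
            delivered += 1
        if alert_enabled and router.overloaded and not alerted:
            for h in range(hosts):        # hypothetical: all nodes react to the alert
                router.on_solicitation(f"host-{h}")
            alerted = True
    return delivered, ticks - delivered
```

In this model the only genuine packet lost with the alert enabled is the one that arrives before the alert goes out; without it, every first-contact packet is dropped while the budget stays exhausted.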