On Wed, 13 Jul 2011, Jeroen Massar wrote:
Why not deploy it like a lot of folks have been deploying IPv6 for over
a decade already:
- a /64 link to the router/host of the user
  (<link>::1 is you, <link>::2 is them)
- a route, be it /64, /56 or /48 to <link>::2 aka the user

That link can be a real Ethernet link or a tunnel. AVM Fritz!Box
supports this and various other vendors also find this great.

What? If it's a /64, then we have the /64 ND DoS problem we've been
discussing for a gazillion mail already.

The "ND" issue now lies at the CPE device of the user, who will most
likely not be able to handle 1GB/s anyway when somebody wants to DDoS
them off the net...

No it doesn't, if I am ::1 then if someone sends 10kpps to random values
of ::X:Y:Z:W on that subnet I have to ND all those. 10kpps is 5 megabit/s,
anyone can do that. I doubt most routers will work properly when handling
10k ND state changes per second.
--
Mikael Abrahamsson email: swm...@swm.pp.se
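
The router-side state that the 10kpps figure above implies can be modelled as follows. This is an added example, not part of the original mail: it assumes the RFC 4861 default timers (three solicitations, one second apart), and `simulate_nd_load` and its `incomplete_limit` cap are hypothetical names chosen for the illustration.

```python
from collections import deque

# RFC 4861 defaults: an unanswered address stays INCOMPLETE while the router
# sends MAX_MULTICAST_SOLICIT (3) solicitations, RETRANS_TIMER (1 s) apart.
MAX_MULTICAST_SOLICIT = 3
RETRANS_TIMER_MS = 1000
INCOMPLETE_LIFETIME_MS = MAX_MULTICAST_SOLICIT * RETRANS_TIMER_MS


def simulate_nd_load(pps, duration_s, incomplete_limit=None):
    """Model packets sent to distinct, unused addresses on one /64.

    Each packet targets an address with no neighbor entry, so the router
    either creates an INCOMPLETE entry and solicits for it, or refuses.
    incomplete_limit is an assumed cap on unresolved entries (None = no cap).
    """
    expiries = deque()  # expiry time in ms of every live INCOMPLETE entry
    peak = solicitations = refused = 0
    for i in range(pps * duration_s):
        now_ms = i * 1000 // pps
        # Drop entries whose resolution attempts have timed out.
        while expiries and expiries[0] <= now_ms:
            expiries.popleft()
        if incomplete_limit is not None and len(expiries) >= incomplete_limit:
            refused += 1  # no room: this resolution is never attempted
            continue
        expiries.append(now_ms + INCOMPLETE_LIFETIME_MS)
        solicitations += MAX_MULTICAST_SOLICIT  # NS messages this entry costs
        peak = max(peak, len(expiries))
    return {"peak_incomplete": peak,
            "solicitations": solicitations,
            "refused": refused}


if __name__ == "__main__":
    # Constructed inputs: the 10kpps rate from the mail, over 10 seconds.
    print("no cap :", simulate_nd_load(10_000, 10))
    print("cap 512:", simulate_nd_load(10_000, 10, incomplete_limit=512))
```

Without a cap the model holds 30,000 unresolved entries at steady state; with a cap the table stays bounded, but nearly every new resolution arriving during the sweep is refused, including any for a real host that is not yet in the cache.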