On Jul 15, 2011, at 10:35 AM, Philip Homburg wrote: > I could be wrong, but the impression I got from the various ops lists is that > the way you deal with this attack is to avoid using RFC-4862 and/or RFC-4861.
I can imagine using DHCPv6 instead of SLAAC (RFC 4862 and the RS/RA component of RFC 4861). The counterpart to ARP is the NS/NA component of RFC 4861; I think you might find that helpful to keep. That said, I do think you may find SLAAC more scalable than DHCPv6 address allocation. At least that's why it was developed. -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
