On Sat, 16 Jul 2011 10:38:45 -0700
Fred Baker <f...@cisco.com> wrote:

> 
> On Jul 15, 2011, at 6:31 AM, RJ Atkinson wrote:
> 
> > I apologise for being unclear.  The document I was trying to propose in the 
> > quoted text above was NOT about protocol changes, but instead would focus 
> > on extant mitigations -- so the document I was proposing would more 
> > obviously seem to fit in IPv6 Ops WG.
> 
> Sounds reasonable to me.
> 
<snip>
> 
> Where I worry is the concept of a hard limit on address count per MAC 
> address, due to the existence of virtual hosts. Speaking as a vendor of the 
> equipment we're concerned about here, I would rather provide an option that 
> enables the administrator to buy more memory if that's what's needed than 
> force him into a situation that might be suboptimal for his network. 


The quite novel technique of allocating transient addresses to
applications/processes to assist with firewalling also takes advantage
of IPv6's large address space and that hosts can have multiple
addresses at once. It'd be a shame to lose the opportunity to do that
or similar innovative things with the large IPv6 address space -

"Transient addressing for related processes: Improved firewalling by
using IPv6 and multiple addresses per host", Peter M. Gleitz and Steven
M. Bellovin

https://www.cs.columbia.edu/~smb/papers/tarp.pdf



___________________________________________
> v6ops mailing list
> v6...@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
