Tassos,

From: Tassos Chatzithomaoglou [mailto:ach...@forthnet.gr]
Sent: Friday, October 14, 2011 6:29 PM
To: Hemant Singh (shemant)
Cc: IPv6 WG Mailing List
Subject: Re: FW: New Version Notification for draft-hsingh-6man-enhanced-dad-01.txt

>Lastly, I have a question about your example with the provider in "2. Introduction".
>Although I don't have the whole picture (the DAD proxying part confused me a
>little bit) and the term access concentrator isn't very clear to me (we use
>DSL, not cable), shouldn't there be a warning about duplicate MAC or
>MAC-flapping somewhere?
>I mean, if I understand correctly the topology, the NS(DAD) message followed
>the path AC => MODEM1 => HUB => MODEM2 => AC without changing its src MAC.
>Unless the modems are also acting as ND proxies.

The cable modems are essentially bridges and so is the hub. That is why the NS(DAD) totally reflected back to the AC as is without changing any src MAC. I thought it would be clear because if a packet is reflected back or looped back, the devices in the path have got to be bridges.

Ah, I meant a CMTS which is one example of an access concentrator. I believe the IETF used the term of access concentrator first in RFC 4388. CMTS is a Cable Modem Termination System and one Cisco CMTS can support about 40K cable modems with an average of one host PC/CPE route behind each cable modem. The DSL deployment is a L2/L3 segmented network and thus one device such as the CMTS may not be their L2 and L3 combined device in a DSLAM but the same concept applies to DSL networks as well. Between cable and DSL, the worldwide broadband subscribers are over 300 million in number.

Let me explain the DAD Proxy. You see, if you have a simple Ethernet LAN corporate network, then the ND traffic between the hosts in the LAN is seen by all the hosts but not the router in the LAN segment. The router has to implement a DAD Proxy before the router can see all DAD messages of the LAN segment. Moving away from the trusted Ethernet LAN corporate network to a cable broadband CMTS deployment, the CMTS is a trusted node in the SP domain while the clients the CMTS serves reside in an untrusted domain. The subscriber homes have hacked-up modems or rogue PCs, etc. That is why in such a network, the CMTS implements a DAD Proxy so that the CMTS defends each IPv6 link-local or a global address of a client before any client is allowed in the cable network.

Note the DSL broadband folks also have a DAD Proxy draft in the IETF 6man WG in http://datatracker.ietf.org/doc/draft-ietf-6man-dad-proxy/. Cable IPv6 standards were completed about 5-6 years back and thus a CMTS already supports a DAD Proxy.

Regards,

Hemant

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------