On Wed, Feb 2, 2011 at 16:13, Leo Bicknell <bickn...@ufp.org> wrote: > I love this question, because it basically admits the protocol is > broken. To make RA's even remotely palitable, you need "RA Guard" on > the switches. This feature does not exist, but if we bring features > like DHCP guard forward into the IPv6 world, it's the logical solution > and solves the problem.
RA Guard has been described in RFC 6105 (still draft, but standards track), so that particular problem should be taken care of once vendors start shipping code. It doesn't even require SeND- although it does accomodate it. ~Matt
