[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yahoo and IPv6

Subject: Yahoo and IPv6
From: jsw at inconcepts.biz (Jeff Wheeler)
Date: Tue, 10 May 2011 00:57:04 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <120501cc0e81$0222b1e0$066815a0$@net> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On Mon, May 9, 2011 at 10:04 PM, Joel Maslak <jmaslak at antelope.net> wrote:
> On Mon, May 9, 2011 at 3:57 PM, Jeff Wheeler <jsw at inconcepts.biz> wrote:
> I do take issue with your suggestion that /64 LANs are in any way
>> smart in the datacenter. ?They are not. ?I have some slides on this
>> topic: http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
>
> There are ways of mitigating this (the easiest is to use ACLs or firewalls
> to limit traffic into a subnet from untrusted sources so that only
> legitimate traffic is allowed).

Your suggestion has two main disadvantages:
1) it doesn't work on some platforms, because input ACL won't stop ND
learn/solicit -- obviously this is bad
2) it requires you to configure a potentially large input ACL on every
single interface on the box, and adjust that ACL whenever you
provision more IPv6 addresses for end-hosts -- kinda like not having a
control-plane filter, only worse

-- 
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator? /? Innovative Network Concepts

Follow-Ups:
- Yahoo and IPv6
  - From: rdrake at direcpath.com (Robert Drake)

References:
- Yahoo and IPv6
  - From: oberman at es.net (Kevin Oberman)
- Yahoo and IPv6
  - From: jared at puck.nether.net (Jared Mauch)
- Yahoo and IPv6
  - From: dougb at dougbarton.us (Doug Barton)
- Yahoo and IPv6
  - From: alh-ietf at tndh.net (Tony Hain)
- Yahoo and IPv6
  - From: dougb at dougbarton.us (Doug Barton)
- Yahoo and IPv6
  - From: jsw at inconcepts.biz (Jeff Wheeler)
- Yahoo and IPv6
  - From: jared at puck.nether.net (Jared Mauch)
- Yahoo and IPv6
  - From: jsw at inconcepts.biz (Jeff Wheeler)
- Yahoo and IPv6
  - From: jmaslak at antelope.net (Joel Maslak)

Prev by Date: Yahoo and IPv6
Next by Date: Yahoo and IPv6
Previous by thread: Yahoo and IPv6
Next by thread: Yahoo and IPv6
Index(es):
- Date
- Thread