On Mar 12, 2011, at 11:14 AM, Jeff Wheeler wrote:
Of course, I don't really mean to call Owen a liar, or foolish, or anything else.
Please don't; even though I disagree with him and agree with you very strongly on this set of issues, Owen is a smart and straightforward guy, and is simply speaking from his (selective on this particular set of topics, IMHO) own individual viewpoint. ;>
and if the most popular fix becomes dependent on NDP inspection
If that comes to pass, then the fix will be useless, unfortunately, just as dynamic ARP inspection (DAI) is useless today; it self-DoSes the box. Any form of 'inspection' will not scale for this problem, as it will be CPU-bound even on ASIC-based platforms. All this ICMPv6 weirdness and outright brokenness is the Achilles' heel of IPv6, and I see no ready solution in sight for the set of problems it engenders. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde