On 19/01/2014 04:08, Mukom Akong T. wrote:
Just because you can have 2^64 possible hosts on a LAN still doesn't mean we throw principles of good LAN design out the door. :-) So I'd say it's rather the fault of shoddy network design rather than address policy.
No, it's a problem with the number of addresses available on the LAN; nothing to do with shoddy network design. Each device on the LAN will have a certain amount of capacity for caching neighbour addressing details. If some third party decides to send packets to a massive number of addresses on that LAN, then the router which is forwarding these packets will attempt to perform ND for these addresses. This can trivially be used as a cache exhaustion attack, which can cause regular connectivity on that LAN to be trashed.

Nick
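
The cache behaviour described in the reply above, as an added illustration that is not part of the original thread: a toy in-memory Python model of a router's neighbour cache, comparing one shared LRU pool with a cache that caps unresolved (INCOMPLETE) entries. The class, the capacities, the host counts and the 2001:db8:0:1::/64 documentation prefix are all assumptions chosen for the example.

```python
from collections import OrderedDict
import ipaddress

INCOMPLETE, REACHABLE = "INCOMPLETE", "REACHABLE"

class NeighborCache:
    """Toy model of a router's IPv6 neighbour cache for one LAN (hypothetical)."""
    def __init__(self, capacity, max_incomplete=None):
        self.capacity = capacity
        self.max_incomplete = max_incomplete  # None = naive: one shared LRU pool
        self.entries = OrderedDict()          # address -> state, oldest first

    def packet_for(self, addr):
        """A packet arrives for addr; an unknown address starts ND (INCOMPLETE)."""
        if addr in self.entries:
            self.entries.move_to_end(addr)
            return
        if self.max_incomplete is not None:
            pending = [a for a, s in self.entries.items() if s == INCOMPLETE]
            if len(pending) >= self.max_incomplete:
                del self.entries[pending[0]]  # recycle the oldest unresolved entry
        if len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)  # plain LRU eviction of any entry
        self.entries[addr] = INCOMPLETE

    def advert_from(self, addr):
        """A neighbour advertisement resolves a pending entry."""
        if self.entries.get(addr) == INCOMPLETE:
            self.entries[addr] = REACHABLE

def simulate(cache, hosts=20, swept=10_000):
    """Return how many real hosts are still resolved after traffic to unused addresses."""
    prefix = ipaddress.ip_network("2001:db8:0:1::/64")  # documentation prefix
    real = [prefix[i] for i in range(1, hosts + 1)]     # constructed host addresses
    for addr in real:                                   # normal traffic: hosts answer ND
        cache.packet_for(addr)
        cache.advert_from(addr)
    for i in range(swept):                              # packets to addresses nobody owns
        cache.packet_for(prefix[0x1000 + i])            # no answer: stays INCOMPLETE
    return sum(1 for a in real if cache.entries.get(a) == REACHABLE)

if __name__ == "__main__":
    print("shared LRU pool  :", simulate(NeighborCache(64)), "of 20 hosts still cached")
    print("capped INCOMPLETE:", simulate(NeighborCache(64, max_incomplete=16)),
          "of 20 hosts still cached")
```

The model ignores timers and re-resolution; it only shows that when unresolved entries compete for the same slots as resolved ones, the resolved neighbours are the ones that get evicted.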