Mikael Abrahamsson wrote:
On Sat, 3 May 2008, Randy Bush wrote:
back office software ip and dns management software provisioning tools cpe measurement and monitoring and billing
and, of course, backbone and aggregation equipment that can actually handle real ipv6 traffic flows with acls and chocolate syrup.
Not to mention, you want to be able to do the regular antispoofing etc and your security devices (which might be based on L2 switches doing DHCP snooping) doesn't do IPv6, so you need to replace them (or live with lower security) and this needs serious budget.
Or you'll have to revert to what you did before dhcp filtering switches. Which was watch for replies from rogues and then update your mac filters accordingly or drop the host onto a quarantine vlan. should work quite well for rogue RAs and rogue dhcpv6 servers. Obviously it's reactive rather than proactive but it can be quite effective if automated.