In article <AANLkTin10qow6Tt+YMfX8OienxixCqH57movhRj3uvSZ@mail.gmail.com> you write:
On Thu, Jan 6, 2011 at 4:32 AM, Joel Jaeggli <joelja@bogus.com> wrote:
Which at a minimum is why you want to police the number of nd messages that the device sends and unreachable entries do not simply fill up the nd cache, such that new mappings in fact can be learned because there
Your solution is to break the router (or subnet) with a policer, instead of breaking it with a full table. That is not better; both result in a broken subnet or router. If NDP requires an NDCache with "incomplete" entries to learn new adjacencies, then preventing it from filling up will ... prevent it from learning new adjacencies. Do you see how this is not a solution?
If all nodes implemented RFC4620 (IPv6 Node Information Queries), then you could rate-limit ND queries and, when rate-limiting, just regularly (say every few seconds) refresh the neighbor list with a multicast NI Node Addresses Query. In fact a router can still do this, it's just the nodes that do not implement RFC4620 that suffer the most, and perhaps that will serve as an incentive to get RFC4620 implemented on those nodes.
Mike.
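The following toy simulation is an added illustration of the argument in the two messages above; it is not code from Mike, Joel, or any router or RFC. It models a neighbor cache as a bounded table of INCOMPLETE and REACHABLE entries (a deliberate simplification of RFC 4861, with no STALE/DELAY/PROBE states or timers), runs a flood of lookups for addresses that nobody owns, and then checks whether a legitimate host that becomes active afterwards can still be learned. The addresses, the capacity of 8, the policer budget of 4, and the rule that a Node Information response may evict an INCOMPLETE entry are all constructed assumptions of the example.

```python
"""Toy IPv6 neighbor-cache model: full table vs. NS policer vs. RFC 4620 refresh.

Constructed example, not code from any router, RFC, or the thread's authors.
"""
from collections import OrderedDict

INCOMPLETE, REACHABLE = "INCOMPLETE", "REACHABLE"


class NeighborCache:
    """Bounded neighbor cache with an optional per-interval Neighbor Solicitation budget."""

    def __init__(self, capacity, ns_budget=None):
        self.capacity = capacity
        self.ns_budget = ns_budget      # None: no policer; else NS sends allowed per interval
        self.ns_sent = 0
        self.entries = OrderedDict()    # addr -> state; insertion order doubles as age

    def new_interval(self):
        """Reset the policer budget at the start of a rate-limiting interval."""
        self.ns_sent = 0

    def state(self, addr):
        return self.entries.get(addr)

    def lookup(self, addr):
        """Traffic for addr arrives. Return True if it can be forwarded or resolution started."""
        if addr in self.entries:            # REACHABLE, or INCOMPLETE with an NS outstanding
            return True
        if len(self.entries) >= self.capacity:
            return False                     # full table: no room for an INCOMPLETE entry
        if self.ns_budget is not None and self.ns_sent >= self.ns_budget:
            return False                     # policer: NS suppressed, packet dropped
        self.ns_sent += 1
        self.entries[addr] = INCOMPLETE      # NS sent; waits for a Neighbor Advertisement
        return True

    def na_received(self, addr):
        """A Neighbor Advertisement completes resolution only if an entry exists."""
        if addr in self.entries:
            self.entries[addr] = REACHABLE

    def ni_refresh(self, responders):
        """Multicast RFC 4620 Node Addresses query: responders are installed as REACHABLE.

        Design choice of this example: a verified responder may evict the oldest
        INCOMPLETE entry when the table is full, but never a REACHABLE one.
        """
        for addr in responders:
            if addr not in self.entries and len(self.entries) >= self.capacity:
                victim = next((k for k, v in self.entries.items() if v == INCOMPLETE), None)
                if victim is None:
                    continue                 # table full of verified neighbours
                del self.entries[victim]
            self.entries[addr] = REACHABLE

    def incomplete_count(self):
        return sum(1 for v in self.entries.values() if v == INCOMPLETE)


def scenario(capacity, ns_budget, use_ni, flood_size=20):
    """One interval: known hosts, a flood of unanswerable lookups, then a new real host.

    Returns True if the new host ends up REACHABLE, i.e. the subnet still works for it.
    """
    known = ["2001:db8::10", "2001:db8::11"]       # constructed: already on-link
    newcomer = "2001:db8::42"                       # constructed: activates after the flood
    cache = NeighborCache(capacity, ns_budget)
    for host in known:                              # learned earlier via normal NS/NA
        cache.lookup(host)
        cache.na_received(host)
    cache.new_interval()
    for i in range(flood_size):                     # lookups for addresses nobody owns
        cache.lookup(f"2001:db8::dead:{i:x}")       # never answered, stay INCOMPLETE
    if use_ni:
        cache.ni_refresh(known + [newcomer])        # nodes implementing RFC 4620 answer
    if cache.lookup(newcomer):                      # a real host would answer the NS
        cache.na_received(newcomer)
    return cache.state(newcomer) == REACHABLE


if __name__ == "__main__":
    print("full table, no policer      ->", scenario(8, None, False))   # False
    print("NS policer only             ->", scenario(8, 4, False))      # False
    print("NS policer + NI refresh     ->", scenario(8, 4, True))       # True
    print("no policer + NI refresh     ->", scenario(8, None, True))    # True
```

The first two runs are the point of the reply to Joel: a full table and a policer both leave the newcomer unresolvable, just through different code paths. The last two show the refresh idea from the second message: a node that answers the multicast NI query is installed without ever needing an INCOMPLETE slot, so the policer can stay in place to protect the router while RFC 4620 nodes remain reachable; a node that does not implement RFC 4620 is still stuck behind the policer.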