Dale W. Carder wrote:
On Feb 18, 2009, at 3:00 PM, Nathan Ward wrote:
On 19/02/2009, at 9:53 AM, Leo Bicknell wrote:
Let me repeat, none of these solutions are secure. The IPv4/DHCP model is ROBUST, the RA/DHCPv6 model is NOT.
The point I am making is that the solution is still the same - filtering in Ethernet devices.
Perhaps there needs to be something written about detailed requirements for this so that people have something to point their switch/etc. vendors at when asking for compliance. I will write this up in the next day or two. I guess IETF is the right forum for publication of that.
Is there something like this already that anyone knows of?
http://tools.ietf.org/id/draft-chown-v6ops-rogue-ra-02.txt
This is the last message I recall seeing in v6ops about it:
"It seems to me that the L2 devices are welcome to perform whatever filtering they like regardless of any documents that might come from the IETF. Therefore, I'd like to see more pros/cons on this."
http://ops.ietf.org/lists/v6ops/v6ops.2008/msg01733.html
There is also: http://tools.ietf.org/html/draft-vandevelde-v6ops-ra-guard-01
Cheers, Dale