On Thu, Jan 6, 2011 at 6:46 PM, Owen DeLong <owen@delong.com> wrote:
> On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:
>> However, that's not the only potential use! A client that initiates each new outbound connection from a different IP address is doing something Really Good.
>
> If hosts start cycling their addresses that frequently, don't you run the risk of that becoming a form of DOS on your router's ND tables?
Of course, Owen. I replied to that specific point in Joe's post earlier, although I have written so much on this thread, I have tried to condense my replies, so anyone reading in thread mode may have missed it.

The fact that Joe even makes that suggestion signals how little understanding he has of the problem. His idea would DoS his own router. There are many posts on this thread from folks who think of themselves as expert, at least enough to try and tell me that I'm wrong, when they lack basic understanding of how the forwarding process works in operation. That is what everyone should be afraid of -- most of the "experts" aren't, and almost no one has practical experience with a mission-critical IPv6 network, so conditions like this remain unanalyzed.

It took a long time to discover a lot of vulnerabilities as the Internet grew from academia to everyday necessity. We are all now making some obvious, unnecessary mistakes with IPv6 deployments.

It is also crucial to understand that some platforms use the same resources (in control plane or data plane) for ARP and NDP tables and resolution, and this means that some dual-stack networks will see their IPv4 networks melt down due to problems with their IPv6 network design and implementation. If you are dual-stack, this is probably not a problem confined to v6 traffic flowing through your network; it may also take out your mission-critical v4 services.

If you don't know, then you need to admit you don't know and find out what the failure mode of your routers is, before your network blows up in your face.

-- 
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
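Added example, not part of the thread or of any vendor's implementation: a toy Python model of the shared ARP/NDP neighbor table Jeff describes, showing how one host churning through IPv6 addresses can evict a dual-stack router's IPv4 entries, and how a per-interface entry quota (an assumed mitigation; the capacity, LRU eviction and quota values are all constructed) keeps the v4 entries alive.

```python
from collections import OrderedDict


class NeighborCache:
    """Toy model of a router's combined ARP/NDP table.

    Assumptions (not from the thread): a fixed number of slots shared by
    IPv4 and IPv6 entries, least-recently-used eviction when full, and an
    optional per-interface quota as the mitigation.
    """

    def __init__(self, capacity, per_interface_limit=None):
        self.capacity = capacity
        self.per_interface_limit = per_interface_limit
        self.entries = OrderedDict()  # (interface, address) -> MAC, oldest first
        self.rejected = 0  # learn attempts refused by the per-interface quota

    def count(self, interface):
        return sum(1 for (ifc, _) in self.entries if ifc == interface)

    def learn(self, interface, address, mac):
        key = (interface, address)
        if key in self.entries:
            self.entries.move_to_end(key)  # refresh: mark most recently used
            return True
        if (self.per_interface_limit is not None
                and self.count(interface) >= self.per_interface_limit):
            self.rejected += 1  # quota hit: refuse instead of evicting others
            return False
        if len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)  # table full: evict the LRU entry
        self.entries[key] = mac
        return True

    def has(self, interface, address):
        return (interface, address) in self.entries


def simulate(per_interface_limit=None):
    """Return (surviving IPv4 entries, refused IPv6 learns) after the churn."""
    cache = NeighborCache(capacity=64, per_interface_limit=per_interface_limit)
    # Constructed sample: eight mission-critical IPv4 servers on vlan10.
    for i in range(8):
        cache.learn("vlan10", f"192.0.2.{i + 1}", f"00:00:5e:00:53:{i:02x}")
    # Constructed sample: one host on vlan20 cycling through 100 IPv6 addresses.
    for i in range(100):
        cache.learn("vlan20", f"2001:db8:20::{i:x}", "00:00:5e:00:53:ff")
    survivors = sum(cache.has("vlan10", f"192.0.2.{i + 1}") for i in range(8))
    return survivors, cache.rejected
```

Without a quota every IPv4 entry is evicted by the IPv6 churn; with a quota of 32 entries per interface, all eight IPv4 entries survive and the excess learns are refused on vlan20 only.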