> When I hear L2 and "security" though and "protection
> against X" I always think of 802.1x so that you at least authenticate
> the baddies and can track them easily based on something else than what
> they provide you. Of course you have at least a port number hopefully.

or 802.1q. If your network design supports it, you could put each 
customer/end-point into their own VLAN, or Q-in-Q VLAN, for layer 2 
protection. That of course offers its own set of challenges, such as how 
to scale your router(s).

We're looking at moving to this approach, for other reasons as well, in 
our broadband network. Most of our vendors support next to nothing in 
the area of IPv6, but they do have good Ethernet support. Linux also has 
Q-in-Q support, which makes for a cheap IPv6 router.
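
A per-customer Q-in-Q sub-interface on a Linux router, as an added example that is not part of the original message: the function below prints (does not run) the iproute2 commands for one customer. The parent interface `eth0`, the VLAN IDs, the 802.1ad outer tag and the 2001:db8:: documentation prefix are assumptions.

```shell
#!/bin/sh
# Added example: emit iproute2 commands for one customer's Q-in-Q interface.
# Nothing is executed here; review the output, then pipe it to sh as root.

valid_vid() {
    # Usable 802.1Q VLAN IDs are 1-4094 (0 and 4095 are reserved).
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

qinq_cmds() {
    # usage: qinq_cmds <parent-if> <outer S-VLAN> <inner C-VLAN> [ipv6-addr/len]
    parent=$1 svid=$2 cvid=$3 addr=${4:-}
    valid_vid "$svid" || { echo "bad S-VLAN id: $svid" >&2; return 1; }
    valid_vid "$cvid" || { echo "bad C-VLAN id: $cvid" >&2; return 1; }
    outer="$parent.$svid"
    inner="$outer.$cvid"
    # Linux interface names are limited to 15 characters.
    [ "${#inner}" -le 15 ] || { echo "name too long: $inner" >&2; return 1; }
    # The outer (service) tag is shared by many customers: create it only once.
    echo "ip link show dev $outer >/dev/null 2>&1 || ip link add link $parent name $outer type vlan protocol 802.1ad id $svid"
    # The inner (customer) tag gives this end-point its own layer 2 segment.
    echo "ip link add link $outer name $inner type vlan protocol 802.1Q id $cvid"
    echo "ip link set dev $outer up"
    echo "ip link set dev $inner up"
    # Optional: router address for this customer's own /64 (assumed prefix).
    [ -z "$addr" ] || echo "ip -6 addr add $addr dev $inner"
}
```

Each customer ends up on a separate routed interface, so traffic between customers has to pass through the router rather than being bridged at layer 2.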

