Running IPv6 on a large L2 network
Tim Chown
tjc at ecs.soton.ac.uk
Tue Sep 9 12:53:51 CEST 2008
On Tue, Sep 09, 2008 at 12:43:04PM +0200, Göran Weinholt wrote:
> weinholt at csbnet.se (Göran Weinholt) writes:
> > In the scenario I posted it doesn't matter if I disconnect the user
> > that sent the RA, the network will still be broken for other hosts
> > because of the bogus on-link route. To remove the route I might send
> > my own RA with the announced prefixes and a very low lifetime, but the
> > lowest lifetime allowed according to RFC4862 is two hours (ironically
> > changed recently to address a possible DoS...)
>
> Ok, I did some tests and both Linux and Windows Vista will actually
> honor a AdvValidLifetime and AdvPreferredLifetime of zero. So now I
> just have to write a program that counteracts bad RAs and everything
> should be fine.
>
> Thanks for the other suggestions in this thread, but if we could
> afford to upgrade to a routed network (with one VLAN per customer or
> what have you) we would. :)
I'm about to do a revision of this draft:
http://tools.ietf.org/id/draft-chown-v6ops-rogue-ra-01.txt
so any feedback is timely.
We also have a modified rafixd that I'll see if we can put up somewhere
for people to fetch/use if they wish.
--
Tim
More information about the ipv6-ops
mailing list