So why is "IPv4 with longer addresses" a problem anyway?
Bjørn Mork
bjorn at mork.no
Tue Jun 1 09:22:02 CEST 2010
Nick Hilliard <nick at foobar.org> writes:
> On 30/05/2010 11:05, Benedikt Stockebrand wrote:
>> Using Autoconf and Network Unreachability Detection for router
>> failover doesn't give you the fastest failover time, but at least it
>> gives these people a chance.
>
> Depending on RA means:
>
> - loss of service measured in (by default) minutes in the case of router
> failure

Why? You are free to install more than one default route.

> - serious security problems due to rogue RA announcements by unauthorised
> network clients

I don't see why RA is special here. The same goes for rogue DHCP and
DHCPv6 servers. You need to filter. You do not want to allow incoming
RAs on any client port in your network.

Bjørn
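
The per-port RA filtering described in the message above, sketched as an added example that is not part of the original post or of any switch vendor's implementation. It assumes untagged Ethernet frames; the function names and the "router"/"client" port roles are hypothetical. Walking the whole extension-header chain and dropping frames whose chain cannot be decoded follows the implementation advice in RFC 7113.

```python
import struct

ICMPV6, RA_TYPE = 58, 134
EXT_HDRS = {0, 43, 60}   # hop-by-hop, routing, destination options
FRAGMENT = 44

def classify(frame: bytes) -> str:
    """Return 'ra', 'other' or 'undetermined' for an untagged Ethernet frame."""
    if len(frame) < 54 or frame[12:14] != b"\x86\xdd":
        return "other"                      # not a complete IPv6 packet
    nxt, off = frame[20], 54                # Next Header field, end of fixed header
    while True:
        if nxt == ICMPV6:
            if off >= len(frame):
                return "undetermined"       # ICMPv6 type byte is missing
            return "ra" if frame[off] == RA_TYPE else "other"
        if nxt in EXT_HDRS:
            if off + 2 > len(frame):
                return "undetermined"
            nxt, off = frame[off], off + (frame[off + 1] + 1) * 8
        elif nxt == FRAGMENT:
            if off + 8 > len(frame):
                return "undetermined"
            if struct.unpack("!H", frame[off + 2:off + 4])[0] >> 3:
                return "other"              # non-first fragment, no upper-layer header
            nxt, off = frame[off], off + 8
        else:
            return "other"                  # TCP, UDP, etc.

def ra_guard(frame: bytes, port_role: str) -> str:
    """Decide 'forward' or 'drop'; port_role is 'router' (uplink) or 'client'."""
    if port_role == "router":
        return "forward"
    return "drop" if classify(frame) in ("ra", "undetermined") else "forward"

def sample_frame(icmp_type: int, with_dest_opts: bool = False) -> bytes:
    """Constructed test frame: Ethernet + IPv6 (+ Destination Options) + ICMPv6."""
    ext = bytes([ICMPV6, 0]) + bytes(6) if with_dest_opts else b""
    payload = ext + bytes([icmp_type]) + bytes(15)
    eth = bytes.fromhex("333300000001" "020000000001" "86dd")
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload),
                      60 if with_dest_opts else ICMPV6, 255)
    ip6 += bytes.fromhex("fe80" + "00" * 13 + "01")   # constructed source
    ip6 += bytes.fromhex("ff02" + "00" * 13 + "01")   # all-nodes multicast
    return eth + ip6 + payload
```
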

More information about the ipv6-ops mailing list