So why is "IPv4 with longer addresses" a problem anyway?

Rickman, Phil phrickman at upcbroadband.com
Mon May 31 15:45:47 CEST 2010


SEND
http://www.ietf.org/rfc/rfc3971.txt

- loss of service measured in (by default) minutes in the case of router
failure ..............."untrue"
Please show reference documentation providing this or the specific platforms/vendors.
RAs are refreshed not on lifetime but on next receipt.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/ipv6_f.html#wp1056298

    Configuring the Router Lifetime Value

    The router lifetime value specifies how long nodes on the local link should consider FWSM as the default router on the link.

    To configure the router lifetime value in IPv6 router advertisements on an interface, enter the following command:

    hostname(config-if)# ipv6 nd ra-lifetime seconds

    Valid values range from 0 to 9000 seconds. The default is 1800 seconds. Entering 0 indicates that FWSM should not be considered a default router on the selected interface.


    Configuring the Router Advertisement Transmission Interval

    By default, router advertisements are sent out every 200 seconds. To change the interval between router advertisement transmissions on an interface, enter the following command:

    ipv6 nd ra-interval [msec] value 

    Valid values range from 3 to 1800 seconds (or ******500****** to 1800000 milliseconds if the msec keyword is used). "note you can now drop this on most vendors to 300 ms"

    The interval between transmissions should be less than or equal to the IPv6 router advertisement lifetime if FWSM is configured as a default router by using the ipv6 nd ra-lifetime command. To prevent synchronization with other IPv6 nodes, randomly adjust the actual value used to within 20 percent of the desired value.


- serious security problems due to rogue RA announcements by unauthorised
network clients ........."untrue"
There are numerous mechanisms to prevent unauthorized RA suppression upstream towards CMTS bundles, enterprise & ISP topologies.
Again, please provide proof, as I am tired of giving you information you should already know if stating you are an authority.


Phil Rickman
NDA

DD - +31 207 789 969
Mob:  +31 610847604
________________________________________
From: ipv6-ops-bounces+ipv6=aorta.net at lists.cluenet.de [ipv6-ops-bounces+ipv6=aorta.net at lists.cluenet.de] On Behalf Of Nick Hilliard [nick at foobar.org]
Sent: 31 May 2010 15:34
To: Benedikt Stockebrand
Cc: ipv6-ops at lists.cluenet.de
Subject: Re: So why is "IPv4 with longer addresses" a problem anyway?

On 30/05/2010 11:05, Benedikt Stockebrand wrote:
> Using Autoconf and Network Unreachability Detection for router
> failover doesn't give you the fastest failover time, but at least it
> gives these people a chance.

Depending on RA means:

- loss of service measured in (by default) minutes in the case of router
failure
- serious security problems due to rogue RA announcements by unauthorised
network clients

Either of these problems on their own makes RA unsuitable for most
applications other than enthusiast / home / playpen.

But, if you want to operate your network with lousy availability
characteristics and where any arbitrary client can hijack the network, then
by all means, please go ahead and do so.  Just don't pretend that it's
going to be reliable.

Nick
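
Added example, not part of the original messages: a monitoring check for the rogue RA problem debated above, which parses a received ICMPv6 Router Advertisement (RFC 4861) and flags senders that are not on an allowlist, reporting the router lifetime hosts would honour. The allowlist, the addresses and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: link-local addresses of routers permitted to send RAs on this link.
AUTHORIZED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861 section 4.2); checksum not verified."""
    if len(icmp) < 16:
        raise ValueError("truncated RA")
    msg_type, code, _csum, _hop, _flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp[:16])
    if msg_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"router_lifetime": lifetime, "slla": None}
    off = 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 1:  # Source Link-Layer Address option
            ra["slla"] = icmp[off + 2:off + 8].hex(":")
        off += opt_len
    return ra

def check_ra(src: str, hop_limit: int, icmp: bytes) -> list:
    """Return findings for one received RA; an empty list means it looks legitimate."""
    addr, ra, findings = ipaddress.IPv6Address(src), parse_ra(icmp), []
    if hop_limit != 255:
        findings.append("hop limit is not 255, so the RA did not originate on-link")
    if not addr.is_link_local:
        findings.append("source address is not link-local")
    if addr not in AUTHORIZED_ROUTERS:
        findings.append(f"unauthorized RA from {addr} (MAC {ra['slla']}), "
                        f"router lifetime {ra['router_lifetime']}s")
    return findings

def sample_ra(lifetime: int, mac: str) -> bytes:
    """Constructed test input: RA header plus one Source Link-Layer Address option."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    return header + bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))

GOOD_RA = sample_ra(1800, "00:00:5e:00:53:01")   # constructed, documentation MAC range
ROGUE_RA = sample_ra(1800, "00:00:5e:00:53:99")  # constructed

if __name__ == "__main__":
    print(check_ra("fe80::1", 255, GOOD_RA))
    print(check_ra("fe80::bad", 255, ROGUE_RA))
```

The source address and hop limit come from the IPv6 header of the captured packet, so the caller passes them in alongside the ICMPv6 payload.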

