So why is "IPv4 with longer addresses" a problem anyway?

Nick Hilliard nick at foobar.org
Mon May 31 17:19:06 CEST 2010


On 31/05/2010 14:45, Rickman, Phil wrote:
> SEND
> http://www.ietf.org/rfc/rfc3971.txt

SEND is not supported by Windows or OS/X.  I understand that there are
implementations for Linux, FreeBSD and on the switch side, Cisco - and only
on one or two platforms.

> - loss of service measured in (by default) minutes in the case of router
> failure ..............."untrue"
> Please show reference documentation providing this or the specific platforms/vendors.
> RAs are refreshed not on lifetime but on next receipt.

RFC 2461, section 6.3.4:

"the receipt of a Router Advertisement MUST NOT invalidate all information
received in a previous advertisement or from another source.  However, when
received information for a specific parameter (e.g., Link MTU) or option
(e.g., Lifetime on a specific Prefix) differs from information received
earlier, and the parameter/option can only have one value, the most
recently-received information is considered authoritative."

... and the rest of section 6.3.4, which provides the mechanism for RA
Default Router List timeout.

Please read this section carefully.  You are simply not guaranteed quick
failover when using RA.  Yes, you can tune things down, but it's never
going to be anything like a router failover protocol.

> - serious security problems due to rogue RA announcements by unauthorised
> network clients ........."untrue"
> there are numerous mechanisms to prevent unauthorized RA suppression
> upstream towards CMTS bundles, enterprise & ISP topologies.

As Dave Freedman noted, this was a reference to draft-ietf-v6ops-ra-guard.
None of the vendors that I deal with support this feature explicitly
(although, as I noted previously, some of them have indicated that in some
of their higher-end L3 switching kit, you can kludge workarounds).

> Again please provide proof as I am tired of giving you information you
> should already know if stating you are an authority

I'd be happy to retract a statement like that if you can provide a
reference.  If you can't find where you think I stated this (and I have no
memory of ever saying or implying anything of the sort), then the
gentlemanly thing to do would be to retract your allegation.

Nick
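
An added example, not part of the original message: a minimal Python model of the Default Router List invalidation timer described in RFC 2461 section 6.3.4, showing how long a silently failed router stays listed on a host. It models only that timer (Neighbor Unreachability Detection is out of scope) and sends RAs at a fixed interval; the `fe80::1` address, the helper names and the RA bytes are constructed for illustration.

```python
import struct

RA_TYPE = 134  # ICMPv6 Router Advertisement

def parse_router_lifetime(icmp6: bytes) -> int:
    """Return the Router Lifetime (seconds) from an ICMPv6 RA message."""
    if len(icmp6) < 16:
        raise ValueError("truncated Router Advertisement")
    typ, code, _cksum, _hop, _flags, lifetime = struct.unpack("!BBHBBH", icmp6[:8])
    if typ != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    return lifetime

class DefaultRouterList:
    """Host-side Default Router List with per-entry invalidation timers."""
    def __init__(self):
        self.expiry = {}  # router address -> absolute expiry time (seconds)

    def on_ra(self, src: str, icmp6: bytes, now: float) -> None:
        lifetime = parse_router_lifetime(icmp6)
        if lifetime == 0:
            self.expiry.pop(src, None)         # zero lifetime: time out at once
        else:
            self.expiry[src] = now + lifetime  # new entry, or timer reset

    def routers(self, now: float) -> list:
        # Drop entries whose invalidation timer has expired.
        self.expiry = {r: t for r, t in self.expiry.items() if t > now}
        return sorted(self.expiry)

def make_ra(lifetime: int) -> bytes:
    """Constructed sample RA: fixed header only, checksum left as zero."""
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, lifetime, 0, 0)

def stale_seconds(adv_interval: int, adv_lifetime: int, fail_at: int) -> int:
    """Seconds a silently failed router stays in the list after fail_at."""
    drl = DefaultRouterList()
    for t in range(0, fail_at + 1, adv_interval):  # RAs sent until the failure
        drl.on_ra("fe80::1", make_ra(adv_lifetime), t)
    t = fail_at
    while "fe80::1" in drl.routers(t):
        t += 1
    return t - fail_at

if __name__ == "__main__":
    # RFC 2461 router defaults: MaxRtrAdvInterval 600 s, AdvDefaultLifetime 1800 s
    print(stale_seconds(600, 1800, 900))
    print(stale_seconds(4, 12, 900))  # tuned-down timers (constructed values)
```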

