How to preempt rogue RAs?

[Dan White]

On 05/11/10 07:53 +1030, Mark Smith wrote:
> The benefit of being attached to a multi-access link
>like an ethernet is that attached devices can sent traffic
>directly to each other i.e. "full mesh"/"peer-to-peer" communications is
>available. The draw back is that each device has to trust
>its on-link peers not to do anything to disrupt the shared link
>resources, which is what is happening with rogue or malicious RAs. With
>a PPPoE setup, you're changing the shared link traffic topology to one
>that is hub-and-spoke, hair-pinning traffic between spokes, and using
>the hub (i.e. aggregation router) to enforce policies on what can be
>sent between the spokes. The fundamental decision is at what point do
>you make the trade off between optimal and direct paths ("full mesh")
>and more chance of disruption verses less optimal hair pin paths and
>less chance of disruption.

That probably depends on the class of service you're offering, and the
level of trust you're willing to afford your customers. In the case of
residential and small business class broadband service, we've generally
taken a trust-no-one approach and kept all customers separated at layer two
(but without PPPoX), aggregated into a 5 9s device which tends to be much
more intelligent and capable with layer 3 enforcement and features than the
DSLAM and access equipment we use.

-- 
Dan White