How to preempt rogue RAs?

Alan Batie alan.batie at peakinternet.com
Fri Nov 5 04:39:24 CET 2010


On 11/4/10 2:23 PM, Mark Smith wrote:

> The benefit of being attached to a multi-access link
> like an ethernet is that attached devices can send traffic
> directly to each other i.e. "full mesh"/"peer-to-peer" communication is
> available. The drawback is that each device has to trust
> its on-link peers not to do anything to disrupt the shared link
> resources, which is what is happening with rogue or malicious RAs.

Exactly.  There apparently is also some sort of tariffing issue; that's
not my bailiwick but I heard something about a concern being that
customer-to-customer direct connections within the telco being tariffed
and thus need to be regulated, but I think the tariff might be for a
specific sort of connection.

One problem we have had with the PPPoE connections is MTU and sites that
improperly filter ICMP with the well-known result.  So we are starting
to lean back to the VLAN approach.  That would allow regulated
peer-to-peer by putting them on the same VLAN then.

