How to preempt rogue RAs?

Mikael Abrahamsson swmike at
Fri Nov 5 06:23:12 CET 2010

On Thu, 4 Nov 2010, Alan Batie wrote:

> One problem we have had with the PPPoE connections is MTU and sites that 
> improperly filter icmp with the well known result.  So we are starting 
> to lean back to the vlan approach.  That would allow regulated 
> peer-to-peer by putting them on the same vlan then.

Intelligent L2 equipment doing forced-forwarding/private vlan and using 
local-proxy-arp in the L3 equipment makes all traffic go through the 
router even though it's within the same vlan/subnet.

There should be no trust with customers, they should be treated as 
unsecure and all care should be taken to protect customers from other 
customers when it comes to arp spoofing, sourcing of packets that hasn't 
been handed out to them etc. Anything else is reckless and will cause 
problems down the line.

Mikael Abrahamsson    email: swmike at

More information about the ipv6-ops mailing list