How to preempt rogue RAs?
Tim Chown
tjc at ecs.soton.ac.uk
Sat Nov 27 10:51:50 CET 2010
On 27 Nov 2010, at 00:30, Fernando Gont wrote:
> On 30/10/2010 06:03 a.m., Gert Doering wrote:
>
>> There's are a couple of IETF drafts focusing on this problem:
>>
>> draft-ietf-v6ops-rogue-ra-02.txt
>> "the problem statement" (plus ideas on mitigation, like L2 ACLs)
>>
>> draft-ietf-v6ops-ra-guard-08.txt
>> "how a switch implementation could help fixing this"
>
> My take is that this will fix the "accidental" rogue IPv6 router
> problem, but not the malicious router IPv6 problem.
How does RA Guard not help with the malicious rogue RA problem?
> I'm in the process of crafting some code to actually check the idea I
> have in mind... and will share afterwards.
Have you looked at ramond (on sourceforge)?
Tim
More information about the ipv6-ops
mailing list