How to preempt rogue RAs?

Tim Chown tjc at ecs.soton.ac.uk
Sat Nov 27 10:51:50 CET 2010


On 27 Nov 2010, at 00:30, Fernando Gont wrote:

> On 30/10/2010 06:03 a.m., Gert Doering wrote:
> 
>> There's are a couple of IETF drafts focusing on this problem:
>> 
>> draft-ietf-v6ops-rogue-ra-02.txt
>>    "the problem statement" (plus ideas on mitigation, like L2 ACLs)
>> 
>> draft-ietf-v6ops-ra-guard-08.txt
>>    "how a switch implementation could help fixing this"
> 
> My take is that this will fix the "accidental" rogue IPv6 router
> problem, but not the malicious router IPv6 problem.

How does RA Guard not help with the malicious rogue RA problem?

> I'm in the process of crafting some code to actually check the idea I
> have in mind... and will share afterwards.

Have you looked at ramond (on sourceforge)?

Tim



More information about the ipv6-ops mailing list