blocking rogue router advertisements on switches

Steinar H. Gunderson sesse at google.com
Fri May 6 13:50:22 CEST 2011


Den 6. mai 2011 13:06 skrev Gavin McCullagh <gavin.mccullagh at gcd.ie> følgende:
> We also found that setting the priority to "high" on our adverts helped.
> The misconfigured laptops don't seem to do that thankfully.

Note that RA=high will only solve part of the problem; it does not
affect address selection at all, only the routing table decisions. So
if you have a rogue RA with a bogus prefix, the end clients can
happily try to connect through _your_ gateway (since RA=high) using
_their_ prefix, which will probably break.

/* Steinar */
-- 
Software Engineer, Google Switzerland



More information about the ipv6-ops mailing list