IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices

Florian Weimer fw at deneb.enyo.de
Sun May 8 11:43:36 CEST 2011


* Gert Doering:

> SeND alone will validate the IPv6-to-MAC layer mapping, which nicely
> solves all attacks against redirecting IPv6 packets to a different
> MAC address.  Combine with static MAC addressing at switch ports 
> (port-security or static) and you have solved the problem of one
> customer stealing another customer's IPv6 packets.

You still need unicast flood protection.

Does this type of static address configuration really work in
practice?  I would expect to cause it trouble with mobile devices and
virtualization.



More information about the ipv6-ops mailing list