IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices
Mark Smith
nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Sun May 8 11:46:43 CEST 2011
On Sun, 08 May 2011 11:43:36 +0200
Florian Weimer <fw at deneb.enyo.de> wrote:
> * Gert Doering:
>
> > SeND alone will validate the IPv6-to-MAC layer mapping, which nicely
> > solves all attacks against redirecting IPv6 packets to a different
> > MAC address. Combine with static MAC addressing at switch ports
> > (port-security or static) and you have solved the problem of one
> > customer stealing another customer's IPv6 packets.
>
> You still need unicast flood protection.
>
What is that?
> Does this type of static address configuration really work in
> practice? I would expect to cause it trouble with mobile devices and
> virtualization.
More information about the ipv6-ops
mailing list