IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Sun May 8 11:46:43 CEST 2011

On Sun, 08 May 2011 11:43:36 +0200
Florian Weimer <fw at deneb.enyo.de> wrote:

> * Gert Doering:
> > SeND alone will validate the IPv6-to-MAC layer mapping, which nicely
> > solves all attacks against redirecting IPv6 packets to a different
> > MAC address.  Combine with static MAC addressing at switch ports 
> > (port-security or static) and you have solved the problem of one
> > customer stealing another customer's IPv6 packets.
> You still need unicast flood protection.

What is that? 

> Does this type of static address configuration really work in
> practice?  I would expect to cause it trouble with mobile devices and
> virtualization.

More information about the ipv6-ops mailing list