DAD - on or off

Merike Kaeo merike at doubleshotsecurity.com
Wed Jun 26 06:38:45 CEST 2013


Hi.

As more deployments are ongoing, what are folks doing with router (and critical server) interfaces wrt DAD?  I briefly followed RFC4429 'Optimistic Duplicate Address Detection (DAD) for IPv6'  but am wondering whether people turn off DAD on router interfaces in practice.

Scenario:
a. router has an IPv6 address
b. someone creates a node with same IPv6 address
c. router reboots

My question is....does (b) even get connected to local network?  My assumption is no.  So if (b) were to be able to take over router's interface then it has to create the address and connect to network during the time a router reboots.   Is this correct?  Been a few years since I played with this so just trying to see what folks are doing in practice [both implementation wise and operationally].  Any insights appreciated.

- merike


More information about the ipv6-ops mailing list