Over-utilisation of v6 neighbour slots

Sam Wilson Sam.Wilson at ed.ac.uk
Tue Oct 22 11:18:13 CEST 2013


On 22 Oct 2013, at 06:03, Eric Vyncke (evyncke) wrote:

> But, the rapid rate of new RFC 4941 addresses for iOS has another impact because network devices cannot anymore limit the number of IPv6 addresses per MAC address in order to prevent a local DoS.
> 
> So, either you disable SLAAC and rely on stateful DHCPv6 (but then Android is not happy) or use aggressive time to clean the ND cache...

... with the attendant difficulty in tracing systems that might be doing Bad Things.

We have a mixture of Sup2Ts and Sup720s and we don't (yet) have v6 enabled on most of them.  It's stuff like this that makes me think it's *still* not time to offer a general v6 service.

Sam
-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.




More information about the ipv6-ops mailing list