Over-utilisation of v6 neighbour slots

Phil Mayers p.mayers at imperial.ac.uk
Tue Oct 22 11:25:41 CEST 2013


On 22/10/13 10:18, Sam Wilson wrote:
>
> On 22 Oct 2013, at 06:03, Eric Vyncke (evyncke) wrote:
>
>> But, the rapid rate of new RFC 4941 addresses for iOS has another
>> impact because network devices cannot anymore limit the number of
>> IPv6 addresses per MAC address in order to prevent a local DoS.
>>
>> So, either you disable SLAAC and rely on stateful DHCPv6 (but then
>> Android is not happy) or use aggressive time to clean the ND
>> cache...
>
> ... with the attendant difficulty in tracing systems that might be
> doing Bad Things.
>
> We have a mixture of Sup2Ts and Sup720s and we don't (yet) have v6
> enabled on most of them.  It's stuff like this that makes me think
> it's *still* not time to offer a general v6 service.

I disagree - and since I'm the one who posted about the problem, I call 
dibs on getting to decide how serious it is ;o)

We offer a general IPv6 service, and we've had very few real problems. 
It is NOT as hard as people make out, and if you wait until every last 
problem is solved, you'll be waiting forever.

You'll also be missing out on the opportunity to learn about issues 
early and influence your vendors and your own future purchases in 
appropriate ways.

"Hold off on IPv6" is something I would recommend to my competitors...


More information about the ipv6-ops mailing list