Over-utilisation of v6 neighbour slots

Benedikt Stockebrand bs at stepladder-it.com
Thu Oct 24 13:29:48 CEST 2013


Hi Phil and list,

Phil Mayers <p.mayers at imperial.ac.uk> writes:

> Ah, I was unclear:
>
> Privacy addresses are fine - no problem with them.

ok, that explains.

> What I meant is that the specific strategy Apple devices seem to be
> using to re-generate them - on link-up - provides little or no benefit
> *above* a per-link & time-based rollover.

Agreed.

> Or just per prefix, as seen in the RAs, which are present on every link.

Right, though that may make it more troublesome again when it comes to
spoofing---that's probably one of those things you want to be really
careful about when you write a general specification.

>> Somebody from the hardware implementers correct me, but this should be
>> both difficult to implement and is likely too slow.  You don't use
>> CAM/TCAM unless you are really desperate for speed.
>
> There are already high-speed devices using RAM for FIB e.g. Juniper
> Trio chipset uses RLDRAM.

Hmm, I wonder how that scales.  CAM/TCAM is of AC(1) complexity, which
is what RAM can't do---trees, tries and whatnot in RAM have AC(n)
complexity.

Of course, hardware based hashing comes to mind next, but then this has
a high risk of leading to DoS vulnerability.


Cheers,

    Benedikt

-- 
			 Business Grade IPv6
		    Consulting, Training, Projects

Benedikt Stockebrand, Dipl.-Inform.        http://www.stepladder-it.com/


More information about the ipv6-ops mailing list