Over-utilisation of v6 neighbour slots
Benedikt Stockebrand
bs at stepladder-it.com
Thu Oct 24 13:29:48 CEST 2013
Hi Phil and list,
Phil Mayers <p.mayers at imperial.ac.uk> writes:
> Ah, I was unclear:
>
> Privacy addresses are fine - no problem with them.
ok, that explains.
> What I meant is that the specific strategy Apple devices seem to be
> using to re-generate them - on link-up - provides little or no benefit
> *above* a per-link & time-based rollover.
Agreed.
> Or just per prefix, as seen in the RAs, which are present on every link.
Right, though that may make it more troublesome again when it comes to
spoofing---that's probably one of those things you want to be really
careful about when you write a general specification.
>> Somebody from the hardware implementers correct me, but this should be
>> both difficult to implement and is likely too slow. You don't use
>> CAM/TCAM unless you are really desperate for speed.
>
> There are already high-speed devices using RAM for FIB e.g. Juniper
> Trio chipset uses RLDRAM.
Hmm, I wonder how that scales. CAM/TCAM is of AC(1) complexity, which
is what RAM can't do---trees, tries and whatnot in RAM have AC(n)
complexity.
Of course, hardware based hashing comes to mind next, but then this has
a high risk of leading to DoS vulnerability.
Cheers,
Benedikt
--
Business Grade IPv6
Consulting, Training, Projects
Benedikt Stockebrand, Dipl.-Inform. http://www.stepladder-it.com/
More information about the ipv6-ops
mailing list