Over-utilisation of v6 neighbour slots
Andrew Yourtchenko
ayourtch at gmail.com
Fri Oct 25 11:55:05 CEST 2013
On 10/25/13, Tim Chown <tjc at ecs.soton.ac.uk> wrote:
> On 22 Oct 2013, at 06:03, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:
>
>> IMHO iOS obviously implemented the first part but not the second part ;-)
>>
>> But, the rapid rate of new RFC 4941 addresses for iOS has another impact
>> because network devices cannot anymore limit the number of IPv6 addresses
>> per MAC address in order to prevent a local DoS.
>
> Yes, thanks for breaking our IPv6 network with that one in your FHS
> implementation Eric :)
That's in 7.2 WLC only which you hopefully do not run by now. The 7.3+
does the cleanup of the stale entries above a threshold, that do not
answer the DAD probes.
<rant>I presume that those who want ultimate privacy have inspected
their browsers to not do evercookies[1], removed any features in their
browsers identifying them via the fingerprint, and ensured that the
call-home feature of their favourite operating system and the apps is
deactivated, as well as taking care that they manually reconfigure the
new mac address on each new connection. </rant>
[1] http://samy.pl/evercookie/
--a
More information about the ipv6-ops
mailing list