Question about IPAM tools for v6
Fernando Gont
fernando at gont.com.ar
Fri Jan 31 16:06:54 CET 2014
On 01/31/2014 09:33 AM, Mohacsi Janos wrote:
>
>> On 29/01/2014 22:19, Cricket Liu wrote:
>>> Consensus around here is that we support DHCPv6 for non-/64 subnets
>>> (particularly in the context of Prefix Delegation), but the immediate
>>> next question is "Why would you need that?"
>>
>> /64 netmask opens up nd cache exhaustion as a DoS vector.
>
> ND cache size Should be limited by HW/SW vendors - limiting number
> entries ND cache entries per MAC adresss, limiting number of outstanding
> ND requests etc.
+1
Don't blame the subnet size for sloppy implementations.
Cheers,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the ipv6-ops
mailing list