Running IPv6 on a large L2 network
Dan White
dwhite at olp.net
Thu Sep 4 19:12:45 CEST 2008
Jeroen Massar wrote:
> When I hear L2 and "security" though and "protection
> against X" I always think of 802.1x so that you at least authenticate
> the baddies and can track them easily based on something else than what
> they provide you. Of course you have at least a port number hopefully.
>
or 802.1q. If your network design supports it, you could put each
customer/end-point into their own VLAN, or Q-in-Q VLAN, for layer 2
protection. That of course offers its own set of challenges, such as how
to scale your router(s).
We're looking at moving to this approach, for other reasons as well, in
our broadband network. Most of our vendors support next to nothing in
the area of IPv6, but they do have good ethernet support. Linux also has
Q-in-Q support, which makes for a cheap IPv6 router.
- Dan
More information about the ipv6-ops
mailing list