Running IPv6 on a large L2 network
Tim Chown
tjc at ecs.soton.ac.uk
Tue Sep 9 13:47:24 CEST 2008
On Tue, Sep 09, 2008 at 11:53:51AM +0100, Tim Chown wrote:
> On Tue, Sep 09, 2008 at 12:43:04PM +0200, Göran Weinholt wrote:
> > weinholt at csbnet.se (Göran Weinholt) writes:
> > > In the scenario I posted it doesn't matter if I disconnect the user
> > > that sent the RA, the network will still be broken for other hosts
> > > because of the bogus on-link route. To remove the route I might send
> > > my own RA with the announced prefixes and a very low lifetime, but the
> > > lowest lifetime allowed according to RFC4862 is two hours (ironically
> > > changed recently to address a possible DoS...)
> >
> > Ok, I did some tests and both Linux and Windows Vista will actually
> > honor a AdvValidLifetime and AdvPreferredLifetime of zero. So now I
> > just have to write a program that counteracts bad RAs and everything
> > should be fine.
> >
> > Thanks for the other suggestions in this thread, but if we could
> > afford to upgrade to a routed network (with one VLAN per customer or
> > what have you) we would. :)
>
> I'm about to do a revision of this draft:
>
> http://tools.ietf.org/id/draft-chown-v6ops-rogue-ra-01.txt
>
> so any feedback is timely.
>
> We also have a modified rafixd that I'll see if we can put up somewhere
> for people to fetch/use if they wish.
The code is at http://ramond.sf.net, a revised version of rafixd tweaked
by an MSc student here.
--
Tim
More information about the ipv6-ops
mailing list