IPv6 network policies
Gert Doering
gert at space.net
Sun Apr 11 11:15:38 CEST 2010
Hi,
On Sat, Apr 10, 2010 at 09:21:00PM +0930, Mark Smith wrote:
> What I also discovered was that Linux and IOS aren't implementing
> complete Neighbor Discovery (i.e. NS/NA) on P2P links,
I always wondered why anyone would *want* to implement ND on P2P links.
After all, you know that there is only two entities on the link, so if
the packet isn't for you, it must be for them - and there is no need to
construct a l2 address header for POS or PPP links. So all "full ND"
gains you is "more overhead" and "larger attack surface on the router".
Yes, the corrolary is "packets might loop", but this is what RFC4443
takes into account.
Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 150584
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list