Question about IPAM tools for v6
Mohacsi Janos
mohacsi at niif.hu
Fri Jan 31 13:33:52 CET 2014
On Fri, 31 Jan 2014, Nick Hilliard wrote:
> On 29/01/2014 22:19, Cricket Liu wrote:
>> Consensus around here is that we support DHCPv6 for non-/64 subnets
>> (particularly in the context of Prefix Delegation), but the immediate
>> next question is "Why would you need that?"
>
> /64 netmask opens up nd cache exhaustion as a DoS vector.
ND cache size Should be limited by HW/SW vendors - limiting number entries
ND cache entries per MAC adresss, limiting number of outstanding ND
requests etc.
Best Regards,
Janos Mohacsi
More information about the ipv6-ops
mailing list