[ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
- Previous message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
- Next message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Thu Oct 7 16:30:54 CEST 2010
Hi, On Thu, Oct 07, 2010 at 11:11:17AM +0200, João Damas wrote: > > > Enterprise switch: > > > - RA-guard: your enemy is not -unsolicited- RA, your enemy is > > > -unauthorized- RA. As in, the laptop your sales guy brought in > > > announcing itself as the gateway to the world, even if RA was solicited. > > > > AFAIK RA-guard prevents RA packets being sent from ports, that are "declared" as "hosts" ports and connected hosts not authorized to send RA as such. > > > > how is a host-based mechanism based on prevention of outgoing > packets ever going to work? I mean, it can prevent accidents (perhaps, > it is not a guarantee, look at usual list of ad-hoc Wifi SSIDs at > any event) but it sure won't prevent intentional unauthorised RAs. RA-guard is not host-based but switch-based. You configure the switch "*this* is the port where the router lives" and RAs on all other ports are filtered. See draft-ietf-v6ops-ra-guard-*.txt Gert Doering -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
- Previous message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
- Next message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]