This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
- Previous message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
- Next message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Thu Oct 7 16:30:54 CEST 2010
Hi, On Thu, Oct 07, 2010 at 11:11:17AM +0200, João Damas wrote: > > > Enterprise switch: > > > - RA-guard: your enemy is not -unsolicited- RA, your enemy is > > > -unauthorized- RA. As in, the laptop your sales guy brought in > > > announcing itself as the gateway to the world, even if RA was solicited. > > > > AFAIK RA-guard prevents RA packets being sent from ports, that are "declared" as "hosts" ports and connected hosts not authorized to send RA as such. > > > > how is a host-based mechanism based on prevention of outgoing > packets ever going to work? I mean, it can prevent accidents (perhaps, > it is not a guarantee, look at usual list of ad-hoc Wifi SSIDs at > any event) but it sure won't prevent intentional unauthorised RAs. RA-guard is not host-based but switch-based. You configure the switch "*this* is the port where the router lives" and RAs on all other ports are filtered. See draft-ietf-v6ops-ra-guard-*.txt Gert Doering -- did you enable IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
- Previous message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
- Next message (by thread): [ipv6-wg] New draft document available: Requirements For IPv6 in ICT Equipment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]