[j-nsp] DHCP IPv6
Mark Tinka
mtinka at globaltransit.net
Mon Oct 10 11:26:29 EDT 2011
On Saturday, October 08, 2011 02:54:40 AM Paul Stewart
wrote:
> Thank you Amos, Robert, Jared, and Scott for the on-list
> and off-list replies.
> Got it up and running – appreciate the responses…
You also want to look out for rogue RA's on the network,
typical of conference or enterprise setups where v6 is
involved.
Common cases have been Windows Vista hosts making themselves
routers and spewing 6-to-4 on the network. Suffice it to
say, DRP implementation in routers (sort of meant to thwart
this) on the subnet is pretty useless.
As you likely know, Rogue RA support is lacking today
(although specs. are already out), as is DHCPv6 Snooping.
Our only solution was to filter at the MAC layer. Hectic,
but luckily, we used few switches and were able to deploy
filters quite rapidly.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20111010/d9f235fe/attachment.pgp>
More information about the juniper-nsp
mailing list