North American Network Operators Group

Re: v6 subnet size for DSL & leased line customers
On Dec 26, 2007, at 8:26 AM, Leo Bicknell wrote:

> In a message written on Tue, Dec 25, 2007 at 12:43:45AM -0500, Kevin Loch wrote:
>> RA is a shotgun. All hosts on a segment get the same gateway. I have

It's unlikely that it will matter. In practice, ICMP router discovery died a long time ago, thanks to neglect. Host vendors didn't adopt it, and it languished. The problem eventually got solved with HSRP and its clone, VRRP.

This doesn't resolve the real underlying problem: Ethernet is inherently insecure. MAC addresses can be forged, protocols (ARP, ND) can be forged and at this point, there's not much that we can do about it.

Architecturally, we need authentication over each and every control plane packet sent. Getting there without invoking the full complexity of a public key infrastructure is still an unsolved problem, AFAIK.

Tony