|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [NANOG] fair warning: less than 1000 days left to IPv4 exhaustion
Mikael Abrahamsson wrote: > On Sat, 3 May 2008, Randy Bush wrote: > >> back office software >> ip and dns management software >> provisioning tools >> cpe >> measurement and monitoring and billing >> >> and, of course, backbone and aggregation equipment that can actually >> handle real ipv6 traffic flows with acls and chocolate syrup. > > Not to mention, you want to be able to do the regular antispoofing etc and > your security devices (which might be based on L2 switches doing DHCP > snooping) doesn't do IPv6, so you need to replace them (or live with lower > security) and this needs serious budget. Or you'll have to revert to what you did before dhcp filtering switches. Which was watch for replies from rogues and then update your mac filters accordingly or drop the host onto a quarantine vlan. should work quite well for rogue RAs and rogue dhcpv6 servers. Obviously it's reactive rather than proactive but it can be quite effective if automated. _______________________________________________ NANOG mailing list [email protected] http://mailman.nanog.org/mailman/listinfo/nanog
|