On Fri, 31 Jan 2014, Nick Hilliard wrote:
On 29/01/2014 22:19, Cricket Liu wrote:
Consensus around here is that we support DHCPv6 for non-/64 subnets
(particularly in the context of Prefix Delegation), but the immediate
next question is "Why would you need that?"
/64 netmask opens up nd cache exhaustion as a DoS vector.
ND cache size Should be limited by HW/SW vendors - limiting number entries
ND cache entries per MAC adresss, limiting number of outstanding ND
requests etc.
Best Regards,
Janos Mohacsi
