Jeff Wheeler (jsw) writes:
> are badly needed. The largest current routing devices have room for
> about 100,000 ARP/NDP entries, which can be used up in a fraction of a
> second with a gigabit of malicious traffic flow. What happens after
> that is the problem, and we need to tell our vendors what knobs we
> want so we can "choose our own failure mode" and limit damage to one
> interface/LAN.
Well there are *some* knobs:
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1369018
Not very smart, as it just controls how fast you run out of entries.
I haven't read all entries in this thread yet, but I wonder if
http://tools.ietf.org/html/draft-jiang-v6ops-nc-protection-01 has been
mentioned ?
Seems also that this topic has been brought up here a year ago give
or take a couple of weeks:
http://www.mail-archive.com/nanog@nanog.org/msg18841.html
Cheers,
Phil
