Jeff Wheeler (jsw) writes:
> are badly needed.  The largest current routing devices have room for
> about 100,000 ARP/NDP entries, which can be used up in a fraction of a
> second with a gigabit of malicious traffic flow.  What happens after
> that is the problem, and we need to tell our vendors what knobs we
> want so we can "choose our own failure mode" and limit damage to one
> interface/LAN.

        Well there are *some* knobs:

        http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1369018

        Not very smart, as it just controls how fast you run out of entries.

        I haven't read all entries in this thread yet, but I wonder if
        http://tools.ietf.org/html/draft-jiang-v6ops-nc-protection-01 has been
        mentioned?

        Seems also that this topic has been brought up here a year ago, give
        or take a couple of weeks:

        http://www.mail-archive.com/nanog@nanog.org/msg18841.html


        Cheers,
        Phil
