On Jan 5, 2014, at 11:44 PM, valdis.kletni...@vt.edu wrote: > If Joe Home User has a rogue device spewing RA's, he probably has a bigger > problem than just not having RA Guard enabled. He either has a badly > misconfigured router (and one that's disobeying the mandate to not RA > if you don't have an uplink), or he has a compromised malicious host. > > In either case, he's got bigger fish to fry.
"mandate" isn't the right description. http://tools.ietf.org/html/rfc6059 There is a ~3 year old _proposed standard_ for the behavior you describe. I have yet to see any compliant equipment at $LocalBigBox, but maybe I'm not purchasing the right gear. So yet again, the response I get to "ra's are fragile" is "deploy this brand new band-aid that can't be purchased yet". Can we just have DHCPv6, please? How many dozens of technologies are we going to invent to try and avoid putting a default route in DHCP? -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
signature.asc
Description: Message signed with OpenPGP using GPGMail
