Juliusz Chroboczek <[email protected]> wrote:
>> I don't think inventing yet another protocol makes sense here. What
>> is your usecase here?
> Remember all the trouble we had with rogue RAs? An RA-killer protocol
So, the problem is that if we have a RA-killer protocol, then we have a
potential DoS from a "compromised" internal host. Maybe that's a good
thing, if that LAN goes down, then the compromised host is disconnected
too... or maybe it's a problem that mom and dad are going to have to deal
with.
What it means is that this RA-killer will have to be advisory. This
is really akin to the "there is no IPv4 here" message that some Sunset4
wanted to have.
It seems to me that sending this RA-killer HNCP message is no more or less
complicated than answering with a null DHCPv[46] offer for an ISP.
(It's all new code)
... but I understand your desire to keep RAs off networks where they do not
belong. Perhaps RAs (and IPv6 prefix allocation) should be suppressed on
networks on which no IPv6 traffic has been seen, and no RSs have ever
occurred.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
