On 01/31/2014 09:33 AM, Mohacsi Janos wrote: > >> On 29/01/2014 22:19, Cricket Liu wrote: >>> Consensus around here is that we support DHCPv6 for non-/64 subnets >>> (particularly in the context of Prefix Delegation), but the immediate >>> next question is "Why would you need that?" >> >> /64 netmask opens up nd cache exhaustion as a DoS vector. > > ND cache size Should be limited by HW/SW vendors - limiting number > entries ND cache entries per MAC adresss, limiting number of outstanding > ND requests etc.
+1 Don't blame the subnet size for sloppy implementations. Cheers, -- Fernando Gont e-mail: [email protected] || [email protected] PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
