Pashby, Ronald W CTR NSWCDD-B35 wrote:
The problem with promiscuous monitoring in a switched network is that, if there is more than one switch, you would need monitors on each switch, because traffic between two ports on the same switch does not get forwarded to the other switch. Another problem with promiscuous monitoring is the amount of "good" traffic that you must sift through to find the "bad" stuff. There may also be a bandwidth issue going to the promiscuous monitor.
Presumably all you'd need to do is to look at all packets that have protocol = icmpv6 (regardless of whether they are addressed to you or not). You might filter further based on the type of message, but I think we'd already be in the neighborhood of a feasible implementation. And the actual intelligence might be either in a central node or in the switches themselves.
In fact, a quick search reveals that e.g. Cisco supports a switch feature called Dynamic ARP Inspection (DAI), which does this for IPv4 ARP. I'm not sure I see a reason to develop backwards incompatible changes to IPv6 if vendors have already shown that they can solve the issue in other ways.

--Jari

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
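To make the "look at all ICMPv6 packets, filter on message type, put the intelligence in a central node" idea concrete, here is an added example (not code from either poster, nor from any vendor's DAI implementation): a passive monitor that parses raw Ethernet frames, keeps only Neighbor Advertisements, and flags any target IPv6 address advertised with more than one link-layer address. Function names, constants and the sample frames are my own; the frames are constructed in-line with a zero ICMPv6 checksum purely to exercise the parser.

```python
# Added example: passive ICMPv6 Neighbor Discovery monitor that flags one
# target address being claimed by several MACs (the NDP analogue of a DAI check).
import struct
import ipaddress

ETH_P_IPV6, IPPROTO_ICMPV6, ND_NEIGHBOR_ADVERT, OPT_TARGET_LLADDR = 0x86DD, 58, 136, 2

def parse_na(frame):
    """Return (src_mac, target_ip, target_lladdr) for an NA frame, else None."""
    if len(frame) < 78 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IPV6:
        return None
    if frame[20] != IPPROTO_ICMPV6 or frame[54] != ND_NEIGHBOR_ADVERT:
        return None  # extension headers and other ICMPv6 types are ignored here
    src_mac = frame[6:12].hex(":")
    target_ip = str(ipaddress.IPv6Address(frame[62:78]))   # NA target address
    lladdr, opts = None, frame[78:]
    while len(opts) >= 8 and opts[1]:          # TLV options, length in 8-octet units
        if opts[0] == OPT_TARGET_LLADDR and opts[1] == 1:
            lladdr = opts[2:8].hex(":")        # Target Link-Layer Address option
        opts = opts[opts[1] * 8:]
    return src_mac, target_ip, lladdr

def find_conflicts(frames):
    """Map each advertised target IPv6 address to the sorted MACs claiming it."""
    bindings = {}
    for frame in frames:
        parsed = parse_na(frame)
        if parsed:
            src_mac, target_ip, lladdr = parsed
            bindings.setdefault(target_ip, set()).add(lladdr or src_mac)
    return {ip: sorted(macs) for ip, macs in bindings.items() if len(macs) > 1}

def build_na(src_mac, target_ip, lladdr):
    """Constructed test frame only: ICMPv6 checksum is left zero, it is never sent."""
    tgt = ipaddress.IPv6Address(target_ip).packed
    icmp = (bytes([ND_NEIGHBOR_ADVERT, 0, 0, 0, 0x20, 0, 0, 0]) + tgt
            + bytes([OPT_TARGET_LLADDR, 1]) + bytes.fromhex(lladdr.replace(":", "")))
    ip6 = (struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, 255)
           + tgt + ipaddress.IPv6Address("ff02::1").packed)
    eth = bytes.fromhex("333300000001") + bytes.fromhex(src_mac.replace(":", "")) + b"\x86\xdd"
    return eth + ip6 + icmp

# Constructed sample: one host advertising two addresses, and a second MAC also claiming fe80::1.
SAMPLE = [
    build_na("00:11:22:33:44:55", "fe80::1", "00:11:22:33:44:55"),
    build_na("00:11:22:33:44:55", "fe80::2", "00:11:22:33:44:55"),
    build_na("66:77:88:99:aa:bb", "fe80::1", "66:77:88:99:aa:bb"),
]
```

On a real deployment the frames would come from a promiscuous capture on each switch's mirror port, and a binding table would be seeded from known-good DHCPv6 or SLAAC state rather than from the first advertisement seen.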
