Ted Lemon wrote:
> There probably is no single solution. But let's consider the solution
> Mark proposed: use the fact that you control the infrastructure to
> control the flow of packets on the network in such a way that rogue RAs
> cannot reach leaf nodes. The reason I object to this solution, in
> addition to the fact that it breaks multicast, is that it's a firewall
> solution: the client doesn't know it's safe, and as soon as it connects
> to a network that's not protected in this way, it's vulnerable. But
> the model of using infrastructure control as a credential is
> interesting.

While I too find it hard to accept the ETTH solution as being "real" Ethernet, I believe it is the network that is trying to protect itself here, more than altruistic protection of clients. If clients are protected as a result, great. Yes, in another network, those same clients might not be protected at all. Your solutions appear to be more client-oriented.

Bert

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
