we had a couple of suggestions. http://www.ietf.org/id/draft-gashinsky-v6nd-enhance-00.txt
On Jul 12, 2011, at 1:48 AM, Philip Homburg wrote: > Occasionally the subject comes up: /64 (and SLAAC) is bad because it is > easy to DoS routers by getting to perform too much ND. > > At least in theory this seems to be a valid complaint. A router can (and > should) carefully allocate resources for ND to avoid having ND interfere with > other parts of the routers functionality. > > But in the end, if the ND part of a router is overloaded and it needs to do > ND for a genuine neighbor, it may have to drop the packet. > > So what I was thinking of, what if a router that is under attack would > periodically multicast to the all-nodes multicast address a message saying > "help I'm under attack". Upon receiving such a message all nodes send a > neighbor solication to the router. This populates the router's neighbor > cache with entries for all of it's neighbors. Thus ensuring that normal > traffic > can flow uninterrupted. > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
