On 2014-02-06 20:04, Mikael Abrahamsson wrote:

> No, you don't. It works perfectly well without direct port-to-port
> communication, you just have to align L3 configuration with this L2 behavior
> (which can be done in IPv6 but not in IPv4).
>
> IPv6 can be made to work without on-link /64, with only DHCPv6 IA_NA
> (optional) and only DHCPv6-PD. This means all communication goes via the
> router, which then is perfectly aligned with how the L2 looks with port
> isolation/private VLAN.

Yes, you are of course correct. I was thinking about selectively filtering information between ports, but that is stupid/way too complex and most hardware cannot do that in a good way.

I guess you still need proxy-ND or similar as described in RFC 4389, and you don't accept clients with IP addresses not assigned over DHCPv6. Fair tradeoffs, SLAAC does not work with abuse etc.


/Anders
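
The rule discussed above, that the router only accepts sources assigned over DHCPv6 (IA_NA addresses or IA_PD prefixes), sketched as an added example that is not part of the original thread. The `BindingTable` class, the port numbers and the 2001:db8::/32 documentation addresses are constructed for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")


class BindingTable:
    """Per-port record of what DHCPv6 handed out (hypothetical structure)."""

    def __init__(self):
        self.addresses = {}  # port -> set of IA_NA addresses
        self.prefixes = {}   # port -> list of IA_PD prefixes

    def learn_ia_na(self, port, address):
        self.addresses.setdefault(port, set()).add(ipaddress.ip_address(address))

    def learn_ia_pd(self, port, prefix):
        self.prefixes.setdefault(port, []).append(ipaddress.ip_network(prefix))

    def permit(self, port, source):
        """Return (allowed, reason) for a packet from `source` seen on `port`."""
        src = ipaddress.ip_address(source)
        if src.version != 6:
            return False, "not IPv6"
        if src in LINK_LOCAL:
            # The client needs link-local to reach the router and DHCPv6 at all.
            return True, "link-local"
        if src in self.addresses.get(port, set()):
            return True, "IA_NA binding"
        if any(src in p for p in self.prefixes.get(port, [])):
            return True, "inside delegated prefix"
        # Covers self-configured (SLAAC-style) addresses and another port's lease.
        return False, "no DHCPv6 binding on this port"


def build_sample_table():
    """Constructed bindings: port 1 has an address and a prefix, port 2 an address."""
    table = BindingTable()
    table.learn_ia_na(1, "2001:db8:0:1::10")
    table.learn_ia_pd(1, "2001:db8:100::/56")
    table.learn_ia_na(2, "2001:db8:0:1::20")
    return table


if __name__ == "__main__":
    t = build_sample_table()
    for port, src in [(1, "2001:db8:0:1::10"), (1, "2001:db8:100:5::1"),
                      (1, "2001:db8:0:1::20"), (2, "2001:db8:0:1:21c:42ff:fe00:1")]:
        print(port, src, t.permit(port, src))
```

Bindings are keyed by port, so an address leased on one port is rejected when it shows up as a source on another.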
