Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Joe Greco
If the ops community doesn't provide enough addresses and a way to use them then the vendors will do the same thing they did in v4. It's not clear to me where their needs don't coincide in this case. there are three legs to the tripod network operator user equipment

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Leo Bicknell
In a message written on Tue, Dec 25, 2007 at 12:43:45AM -0500, Kevin Loch wrote: RA is a shotgun. All hosts on a segment get the same gateway. I have no idea what a host on multiple segments with different gateways would do. Hosting environments can get complex thanks to customer I would

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Florian Weimer
* Leo Bicknell: In a message written on Tue, Dec 25, 2007 at 12:43:45AM -0500, Kevin Loch wrote: RA is a shotgun. All hosts on a segment get the same gateway. I have no idea what a host on multiple segments with different gateways would do. Hosting environments can get complex thanks

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Florian Weimer
* Tim Durack: Probably why some vendors support DHCP snooping and private VLANs for IPv4 - multiple clients per subnet with isolation. The isolation is far from perfect because you don't know from which host the packet actually came. 8-(

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Tony Li
On Dec 26, 2007, at 8:26 AM, Leo Bicknell wrote: In a message written on Tue, Dec 25, 2007 at 12:43:45AM -0500, Kevin Loch wrote: RA is a shotgun. All hosts on a segment get the same gateway. I have no idea what a host on multiple segments with different gateways would do. Hosting

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Iljitsch van Beijnum
On 26 dec 2007, at 19:22, Tony Li wrote: This doesn't resolve the real underlying problem: Ethernet is inherently insecure. MAC addresses can be forged, protocols (ARP, ND) can be forged and at this point, there's not much that we can do about it. Architecturally, we need authentication

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Joe Maimon
Tony Li wrote: On Dec 26, 2007, at 8:26 AM, Leo Bicknell wrote: It's unlikely that it will matter. In practice, ICMP router discovery died a long time ago, thanks to neglect. Host vendors didn't adopt it, and it languished. The problem eventually got solved with HSRP and its

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Leo Bicknell
In a message written on Wed, Dec 26, 2007 at 09:19:54PM +0100, Iljitsch van Beijnum wrote: Many switches can enforce a MAC/port relationship, so that MAC addresses can't be spoofed. Which gets to the crux of my question. If you're a shop that uses such features today (MAC/Port tracking,

Re: v6 subnet size for DSL leased line customers

2007-12-26 Thread Randy Bush
vendors, like everyone else, will do what is in their best interests. as i am an operator, not a vendor, that is often not what is in my best interest, marketing literature aside. i believe it benefits the ops community to be honest when the two do not seem to coincide. If the ops community