RE: Broadband Forum liaison to IETF on IPv6 security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Broadband Forum liaison to IETF on IPv6 security
- To: "Dunn, Jeffrey H." <jdunn at mitre.org>
- Subject: RE: Broadband Forum liaison to IETF on IPv6 security
- From: Mikael Abrahamsson <swmike at swm.pp.se>
- Date: Fri, 6 Nov 2009 07:36:31 +0100 (CET)
- Cc: Thomas Narten <narten at us.ibm.com>, List <ipv6 at ietf.org>, SAVI at core3.amsl.com, "william.allen.simpson at gmail.com" <william.allen.simpson at gmail.com>, Hesham Soliman <hesham at elevatemobile.com>, Erik Nordmark <erik.nordmark at sun.com>, "savi-ads at tools.ietf.org" <savi-ads at tools.ietf.org>, Robin Mersh <rmersh at broadband-forum.org>, "6man-ads at tools.ietf.org" <6man-ads at tools.ietf.org>, "Susan Thomson \(sethomso\)" <sethomso at cisco.com>, "Fred Baker \(fred\)" <fred at cisco.com>, "v6ops-ads at tools.ietf.org" <v6ops-ads at tools.ietf.org>, IETF at core3.amsl.com, IPv6 Operations <v6ops at ops.ietf.org>, Mailing List <savi at ietf.org>, JINMEI Tatuya / 神明達哉 <jinmei at isl.rdc.toshiba.co.jp>
- Delivered-to: ipv6 at core3.amsl.com
- In-reply-to: <3C6F21684E7C954193E6C7C4573B762703676D7FCE at IMCMBX1.MITRE.ORG>
- List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
- List-help: <mailto:ipv6-request@ietf.org?subject=help>
- List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
- List-post: <mailto:ipv6@ietf.org>
- List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
- Organization: People's Front Against WWW
- References: <AFC1ACFB-FDFA-482C-AAF9-7995F5CEFE1F at broadband-forum.org> <F311A255-3303-4C9D-B270-D1D23DE31E31 at cisco.com> <AF742F21C1FCEE4DAB7F4842ABDC511C11D7EE at XMB-RCD-114.cisco.com> <3C6F21684E7C954193E6C7C4573B762703676D7FCE at IMCMBX1.MITRE.ORG>
- User-agent: Alpine 1.10 (DEB 962 2008-03-14)
On Thu, 5 Nov 2009, Dunn, Jeffrey H. wrote:
I may be missing something, but it appears that, in the cases described,
the two hosts downstream of two separate cable modems are off link to
each other. This brings up the question: Do there two cable modems
constitute two virtual interfaces, like two VLANs on the same physical
router interface? If so, this is an architectural, rather than an
implementation, question. Thoughts?
This is basically "forced forwarding" for the L2 aggregation layer. It's
often done on ETTH deployments as well as cable environments, in IPv4 it's
done in conjunction with local-proxy-arp (in your IP subnet, the ISP
router will answer all ARP requests with its own MAC and all traffic
between clients within the subnet is done via the router which does not
send out ICMP redirects).
In my mind it's unsuitable for clients to run SLAAC in these environments
and the only real alternative is full DHCPv6(-PD) with SAVI-like
functionality in the L2 equipment along the way (in v4 the L2 equipment
does DHCP-snooping and installs L3 filters accordingly).
--
Mikael Abrahamsson email: swmike at swm.pp.se
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
