[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [savi] Broadband Forum liaison to IETF on IPv6 security

From: Mikael Abrahamsson <swmike at swm.pp.se>
To: "Dunn, Jeffrey H." <jdunn at mitre.org>
Cc: Thomas Narten <narten at us.ibm.com>, "Hemant Singh \(shemant\)" <shemant at cisco.com>, List <ipv6 at ietf.org>, SAVI at core3.amsl.com, "william.allen.simpson at gmail.com" <william.allen.simpson at gmail.com>, Hesham Soliman <hesham at elevatemobile.com>, "savi-ads at tools.ietf.org" <savi-ads at tools.ietf.org>, Robin Mersh <rmersh at broadband-forum.org>, "6man-ads at tools.ietf.org" <6man-ads at tools.ietf.org>, "Susan Thomson \(sethomso\)" <sethomso at cisco.com>, "v6ops-ads at tools.ietf.org" <v6ops-ads at tools.ietf.org>, IETF at core3.amsl.com, IPv6 Operations <v6ops at ops.ietf.org>, Mailing List <savi at ietf.org>, JINMEI Tatuya / 神明達哉 <jinmei at isl.rdc.toshiba.co.jp>
Date: Fri, 6 Nov 2009 07:36:31 +0100 (CET)
In-reply-to: <3C6F21684E7C954193E6C7C4573B762703676D7FCE at IMCMBX1.MITRE.ORG>
References: <AFC1ACFB-FDFA-482C-AAF9-7995F5CEFE1F at broadband-forum.org> <F311A255-3303-4C9D-B270-D1D23DE31E31 at cisco.com> <AF742F21C1FCEE4DAB7F4842ABDC511C11D7EE at XMB-RCD-114.cisco.com> <3C6F21684E7C954193E6C7C4573B762703676D7FCE at IMCMBX1.MITRE.ORG>

On Thu, 5 Nov 2009, Dunn, Jeffrey H. wrote:

I may be missing something, but it appears that, in the cases described,the two hosts downstream of two separate cable modems are off link toeach other. This brings up the question: Do there two cable modemsconstitute two virtual interfaces, like two VLANs on the same physicalrouter interface? If so, this is an architectural, rather than animplementation, question. Thoughts?

This is basically "forced forwarding" for the L2 aggregation layer. It'soften done on ETTH deployments as well as cable environments, in IPv4 it'sdone in conjunction with local-proxy-arp (in your IP subnet, the ISProuter will answer all ARP requests with its own MAC and all trafficbetween clients within the subnet is done via the router which does notsend out ICMP redirects).

In my mind it's unsuitable for clients to run SLAAC in these environmentsand the only real alternative is full DHCPv6(-PD) with SAVI-likefunctionality in the L2 equipment along the way (in v4 the L2 equipmentdoes DHCP-snooping and installs L3 filters accordingly).


--
Mikael Abrahamsson    email: swmike at swm.pp.se

Follow-Ups:
- Re: [savi] Broadband Forum liaison to IETF on IPv6 security
  - From: Eric Levy-Abegnoli

References:
- [savi] Fwd: Broadband Forum liaison to IETF on IPv6 security
  - From: Fred Baker
- Re: [savi] Broadband Forum liaison to IETF on IPv6 security
  - From: Hemant Singh (shemant)
- Re: [savi] Broadband Forum liaison to IETF on IPv6 security
  - From: Dunn, Jeffrey H.

Prev by Date: [savi] Presenters please send slides
Next by Date: Re: [savi] Broadband Forum liaison to IETF on IPv6 security
Previous by thread: Re: [savi] Broadband Forum liaison to IETF on IPv6 security
Next by thread: Re: [savi] Broadband Forum liaison to IETF on IPv6 security
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.