[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rogue RA WGLC

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: Rogue RA WGLC
From: Bob Hinden <BOB.HINDEN@nokia.com>
Date: Sat, 22 Nov 2008 16:22:58 -0600
In-reply-to: <CC481882-F6F4-4126-B697-73C81A481C20@cisco.com>
References: <CC481882-F6F4-4126-B697-73C81A481C20@cisco.com>
Reply-to: bob.hinden@nokia.com

Hi,

Some comments on <draft-chown-v6ops-rogue-ra-02.txt>.

Bob

----------

A class of solution that is missing from the draft is NAC (NetworkAccess Control) devices that look for bogus traffic (RAs in this case)and have the ability to disable or quarantine the device bycontrolling the appropriate switch port. This is a hybrid of some ofthe methods suggested in the draft.

I think the discussion in the document of using DHCPv6 as a solutionto rogue RA problem overstates the utility of this as a possiblesolution as it only moves the problem. DHC has the same class ofproblems rogue DHC servers, misconfigured DHC servers, etc., etc. Wehaven't seen this as much in DHCPv6, but it's only a matter of time asit's very common in IPv4. Just ask a university ISP what happens whenthe students appear in the fall and plug in their own WLAN AP in thetheir dorm room. A zillion rogue DHC servers.


It would be nice to make this clearer in the draft.

I think it would make sense to expand the draft to cover both RogueRAs and Rouge DHCPv6 servers as I think we will need solutions forboth protocols and the problems are very similar.

Bob

Follow-Ups:
- Re: Rogue RA WGLC
  - From: Thomas Narten <narten@us.ibm.com>

References:
- Rogue RA WGLC
  - From: Fred Baker <fred@cisco.com>

Prev by Date: RE: DHCP6 and RA,M=1,PIO,A=0
Next by Date: Re: DHCP6 and RA,M=1,PIO,A=0
Previous by thread: Re: DHCP6 and RA,M=1,PIO,A=0
Next by thread: Re: Rogue RA WGLC
Index(es):
- Date
- Thread