RE: Broadband Forum liaison to IETF on IPv6 security
- To: "Dunn, Jeffrey H." <jdunn@mitre.org>
- Subject: RE: Broadband Forum liaison to IETF on IPv6 security
- From: Mikael Abrahamsson <swmike@swm.pp.se>
- Date: Fri, 6 Nov 2009 07:36:31 +0100 (CET)
- Cc: "Hemant Singh (shemant)" <shemant@cisco.com>, "Fred Baker (fred)" <fred@cisco.com>, Erik Nordmark <erik.nordmark@sun.com>, Hesham Soliman <hesham@elevatemobile.com>, JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>, Thomas Narten <narten@us.ibm.com>, "Susan Thomson (sethomso)" <sethomso@cisco.com>, "william.allen.simpson@gmail.com" <william.allen.simpson@gmail.com>, "6man-ads@tools.ietf.org" <6man-ads@tools.ietf.org>, List <ipv6@ietf.org>, IETF@core3.amsl.com, "savi-ads@tools.ietf.org" <savi-ads@tools.ietf.org>, IPv6 Operations <v6ops@ops.ietf.org>, "v6ops-ads@tools.ietf.org" <v6ops-ads@tools.ietf.org>, SAVI@core3.amsl.com, Robin Mersh <rmersh@broadband-forum.org>, Mailing List <savi@ietf.org>
- In-reply-to: <3C6F21684E7C954193E6C7C4573B762703676D7FCE@IMCMBX1.MITRE.ORG>
- Organization: People's Front Against WWW
- References: <AFC1ACFB-FDFA-482C-AAF9-7995F5CEFE1F@broadband-forum.org> <F311A255-3303-4C9D-B270-D1D23DE31E31@cisco.com> <AF742F21C1FCEE4DAB7F4842ABDC511C11D7EE@XMB-RCD-114.cisco.com> <3C6F21684E7C954193E6C7C4573B762703676D7FCE@IMCMBX1.MITRE.ORG>
- User-agent: Alpine 1.10 (DEB 962 2008-03-14)
On Thu, 5 Nov 2009, Dunn, Jeffrey H. wrote:
> I may be missing something, but it appears that, in the cases described,
> the two hosts downstream of two separate cable modems are off link to
> each other. This brings up the question: Do these two cable modems
> constitute two virtual interfaces, like two VLANs on the same physical
> router interface? If so, this is an architectural, rather than an
> implementation, question. Thoughts?

This is basically "forced forwarding" for the L2 aggregation layer. It's
often done on ETTH deployments as well as cable environments; in IPv4 it's
done in conjunction with local-proxy-arp (in your IP subnet, the ISP
router will answer all ARP requests with its own MAC and all traffic
between clients within the subnet is done via the router which does not
send out ICMP redirects).

In my mind it's unsuitable for clients to run SLAAC in these environments
and the only real alternative is full DHCPv6(-PD) with SAVI-like
functionality in the L2 equipment along the way (in v4 the L2 equipment
does DHCP-snooping and installs L3 filters accordingly).
--
Mikael Abrahamsson email: swmike@swm.pp.se
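
A toy model of the filtering described in the last paragraph of the message, added here as an example and not part of the original message or of any vendor's implementation: an L2 device learns bindings from DHCPv6 Replies seen on a trusted port and permits only sources that match a live binding on the ingress port, so a self-assigned (SLAAC-style) address, which has no DHCPv6 exchange to snoop, is dropped. The class and method names are hypothetical, and the port names, transaction IDs and 2001:db8:: addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SnoopingSwitch:
    """Toy L2 access device doing DHCPv6 snooping (hypothetical model)."""
    trusted_ports: set                              # ports facing the DHCPv6 server/relay
    pending: dict = field(default_factory=dict)     # transaction id -> client port
    bindings: dict = field(default_factory=dict)    # client port -> [(network, expiry)]

    def snoop_request(self, port, xid):
        """Remember which client port a DHCPv6 Request came in on."""
        self.pending[xid] = port

    def snoop_reply(self, ingress_port, xid, assigned, valid_lifetime, now):
        """Install a binding from a Reply, but only if it arrived on a trusted port."""
        if ingress_port not in self.trusted_ports or xid not in self.pending:
            return False                            # e.g. rogue server behind a client port
        net = ipaddress.ip_network(assigned)        # address (/128) or delegated prefix
        port = self.pending.pop(xid)
        self.bindings.setdefault(port, []).append((net, now + valid_lifetime))
        return True

    def permit(self, port, src, now):
        """L3 source filter: src must fall inside a live binding on the ingress port."""
        addr = ipaddress.ip_address(src)
        return any(addr in net and now < expiry
                   for net, expiry in self.bindings.get(port, []))

def demo():
    # All ports, transaction ids and 2001:db8:: addresses below are constructed.
    sw = SnoopingSwitch(trusted_ports={"uplink"})
    sw.snoop_request("cm1", 0x1001)
    sw.snoop_reply("uplink", 0x1001, "2001:db8:0:1::10", 3600, now=0)    # IA_NA address
    sw.snoop_request("cm1", 0x1002)
    sw.snoop_reply("uplink", 0x1002, "2001:db8:100::/56", 3600, now=0)   # IA_PD prefix
    sw.snoop_request("cm2", 0x2001)
    rogue = sw.snoop_reply("cm1", 0x2001, "2001:db8:0:1::20", 3600, now=0)
    return {
        "rogue_reply_accepted": rogue,
        "bound_address": sw.permit("cm1", "2001:db8:0:1::10", now=10),
        "delegated_prefix": sw.permit("cm1", "2001:db8:100:5::1", now=10),
        "spoofed_from_other_port": sw.permit("cm2", "2001:db8:0:1::10", now=10),
        "slaac_self_assigned": sw.permit("cm2", "2001:db8:0:1:211:22ff:fe33:4455", now=10),
        "after_lifetime": sw.permit("cm1", "2001:db8:0:1::10", now=4000),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```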