[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


In message <op.vqassatytfhldh at rbeam.xactional.com>, "Ricky Beam" writes:
> On Wed, 02 Feb 2011 17:18:25 -0500, Mark Andrews <marka at isc.org> wrote:
> > Or you just filter them out in the laptop.   With the proper tools you  
> > just ignore and RA's containing 2002:.  Done that for years now.
> Get back to me when you control every network device in the world.
> That may work for you.  In your network.  On devices you control.   
> However, the brokenness is still there.

And rogue DHCP servers also exist.

The reason you see lots of rouge 2002: prefixes announcements is
that ISP's havn't delivered IPv6 so people have routed around them
and turned on 6to4 on their machines.  The problem will mostly go
away once consumer ISP's get off their butts and actually deliver
IPv6 when their customer asked for it (I've been asking this of my
ISP for the last 7 or so years and I suspect I was not alone).  This
is industry self inflicted pain.

As for hosts swithing over to the new prefix immediately I suspect
a lot of that will go away as the host OS's mature.  Just selecting
the router by matching it prefix announcements to the source address
will keep existing sessions going.  It also works better with bcp38
filters.  Add rules which depreference 2002: source addresses and
you won't notice these RA's anymore (this part already exists).

In Leo's case the source address selection part wouldn't have helped
but Leo's case is the router wouldn't have had a 2002 address but
this senario is also rarer.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org