RE: Broadband Forum liaison to IETF on IPv6 security

"Hemant Singh (shemant)" <shemant@cisco.com> Thu, 05 November 2009 22:37 UTC

To: "Fred Baker (fred)" <fred@cisco.com>, Erik Nordmark <erik.nordmark@sun.com>, Hesham Soliman <hesham@elevatemobile.com>, JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>, Thomas Narten <narten@us.ibm.com>, "Susan Thomson (sethomso)" <sethomso@cisco.com>, william.allen.simpson@gmail.com
Cc: 6man-ads@tools.ietf.org, IETF IPv6 Mailing List <ipv6@ietf.org>, savi-ads@tools.ietf.org, Robin Mersh <rmersh@broadband-forum.org>, v6ops-ads@tools.ietf.org, IPv6 Operations <v6ops@ops.ietf.org>, SAVI Mailing List <savi@ietf.org>

Yes, in a cable deployment even if two cable modems (CM) in two different homes on the same upstream physical layer to the Cable edge router (CMTS) cannot talk directly to each other – they have to send their data to the CMTS who then forwards the data to the other modem. Still I am not convinced of any implications for DAD in SLAAC? Without any loss of generality, I will only refer to a CMTS for the rest of the discussion but the same is applicable to a DSLAM (or whatever L3 router sits upstream of the DSLAM as the first-hop IPv6 router). Since the CMTS sees all DAD messages from clients in the downstream, if the CMTS detects a dup, the CMTS sends an NA to the client - problem solved. Of course, now the CMTS is doing ND Proxy which is already specified in cable standards and implemented on DOCSIS 3.0 IPv6 CMTS routers. What did I miss?

 

If the BBF has any new multicast architecture for ND that I have not accounted for, please send me your arch doc and I can look at it and reply to that as well.

 

Hemant

 

From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On Behalf Of Fred Baker (fred)
Sent: Thursday, November 05, 2009 5:18 PM
To: Erik Nordmark; Hesham Soliman; JINMEI Tatuya / 神明達哉; Thomas Narten; Susan Thomson (sethomso); william.allen.simpson@gmail.com
Cc: SAVI Mailing List; IETF IPv6 Mailing List; IPv6 Operations; savi-ads@tools.ietf.org; v6ops-ads@tools.ietf.org; 6man-ads@tools.ietf.org; Robin Mersh
Subject: Fwd: Broadband Forum liaison to IETF on IPv6 security

 

Gentlemen:

 

I'm writing to you as the authors of RFCs 4861 and 4862. In a past meeting, I think the one in March, an issue came up in SAVI that has now been brought to our attention in a formal manner. The problem is that in certain access network technologies, notably DSL and I believe Cable Modem, the connectivity between the CPE host or router and the ISP's first hop router is siloed - it looks like an Ethernet to the host but in fact is separated into separate channels. The effect is that while the ISP router can speak to and hear all of the CPEs it is connected to, the CPEs cannot hear each other. This has implications for Duplicate Address Detection in SLAAC.

 

We look forward to your advice.

 

Fred Baker

IPv6 Operations

 

Begin forwarded message:

From: Robin Mersh <rmersh@broadband-forum.org>
Date: November 6, 2009 1:42:05 AM GMT+08:00
To: fenner@fenron.com, christian.vogt@ericsson.com, fred.baker@cisco.com, kurtis@kurtis.pp.se, dromasca@avaya.com, rbonica@juniper.net, rdroms@cisco.com, jari.arkko@piuha.net, Mark Townsley <townsley@cisco.com>
Subject: Broadband Forum liaison to IETF on IPv6 security

 

Dear colleagues,

 

For your review, please see the liaison from the Broadband Forum attached below.

 

Best regards,

Robin Mersh

COO

The Broadband Forum

phone: +1 336 288 8013

cell: +1 303 596 7448

email: rmersh@broadband-forum.org
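
The DAD behaviour discussed in this thread, as an added example that is not part of the original messages: a small model of a siloed access network where CPEs cannot hear each other, run once with the first-hop router ignoring duplicates and once with it answering DAD on the owner's behalf. The class, the `dad_proxy` switch, the binding table and the modem names are assumptions of this sketch, not an implementation of any CMTS or DSLAM.

```python
import ipaddress

def solicited_node(addr):
    """Solicited-node multicast group a DAD probe is sent to:
    ff02::1:ff00:0/104 plus the low 24 bits of the tentative address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))

class AccessRouter:
    """First-hop router on a siloed access network (hypothetical model).

    It hears every CPE; upstream multicast is never reflected to other
    CPEs, so only the router can notice a duplicate tentative address.
    """
    def __init__(self, dad_proxy):
        self.dad_proxy = dad_proxy
        self.bindings = {}  # address -> CPE that first claimed it

    def on_dad_ns(self, cpe, target):
        """Handle a DAD Neighbor Solicitation (source ::) for `target`.
        Returns True if a Neighbor Advertisement goes back to `cpe`."""
        owner = self.bindings.get(target)
        if owner is not None and owner != cpe:
            # Duplicate: the real owner never saw the probe, so the
            # router answers for it only when acting as a proxy.
            return self.dad_proxy
        self.bindings.setdefault(target, cpe)
        return False

def run_slaac(router, claims):
    """claims: list of (cpe, tentative address) in arrival order.
    Returns cpe -> 'assigned' (DAD passed) or 'duplicate' (NA received)."""
    result = {}
    for cpe, addr in claims:
        target = str(ipaddress.IPv6Address(addr))  # normalise the text form
        got_na = router.on_dad_ns(cpe, target)
        result[cpe] = "duplicate" if got_na else "assigned"
    return result

# Constructed sample: cm-A and cm-B derive the same link-local address.
CLAIMS = [("cm-A", "fe80::211:22ff:fe33:4455"),
          ("cm-B", "fe80::0211:22ff:fe33:4455"),
          ("cm-C", "fe80::211:22ff:fe33:4456")]

if __name__ == "__main__":
    print(solicited_node(CLAIMS[0][1]))
    print(run_slaac(AccessRouter(dad_proxy=False), CLAIMS))
    print(run_slaac(AccessRouter(dad_proxy=True), CLAIMS))
```

Without the proxy, both cm-A and cm-B finish DAD believing the address is theirs; with it, cm-B is told the address is a duplicate.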