Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-problems-03.txt
Tina TSOU <Tina.Tsou.Zouting@huawei.com> Thu, 26 January 2012 00:23 UTC
Return-Path: <Tina.Tsou.Zouting@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8E5411E80A1 for <v6ops@ietfa.amsl.com>; Wed, 25 Jan 2012 16:23:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.217
X-Spam-Level:
X-Spam-Status: No, score=-6.217 tagged_above=-999 required=5 tests=[AWL=-0.218, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4oQqLDwqNFhe for <v6ops@ietfa.amsl.com>; Wed, 25 Jan 2012 16:23:03 -0800 (PST)
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [119.145.14.64]) by ietfa.amsl.com (Postfix) with ESMTP id 1940B11E8097 for <v6ops@ietf.org>; Wed, 25 Jan 2012 16:23:03 -0800 (PST)
Received: from huawei.com (szxga05-in [172.24.2.49]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LYD00FHEQECGF@szxga05-in.huawei.com> for v6ops@ietf.org; Thu, 26 Jan 2012 08:23:00 +0800 (CST)
Received: from szxrg01-dlp.huawei.com ([172.24.2.119]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LYD00IEVQECAW@szxga05-in.huawei.com> for v6ops@ietf.org; Thu, 26 Jan 2012 08:23:00 +0800 (CST)
Received: from szxeml210-edg.china.huawei.com ([172.24.2.119]) by szxrg01-dlp.huawei.com (MOS 4.1.9-GA) with ESMTP id AGO64902; Thu, 26 Jan 2012 08:21:58 +0800
Received: from SZXEML419-HUB.china.huawei.com (10.82.67.158) by szxeml210-edg.china.huawei.com (172.24.2.183) with Microsoft SMTP Server (TLS) id 14.1.323.3; Thu, 26 Jan 2012 08:21:43 +0800
Received: from SZXEML526-MBS.china.huawei.com ([169.254.7.225]) by szxeml419-hub.china.huawei.com ([10.82.67.158]) with mapi id 14.01.0323.003; Thu, 26 Jan 2012 08:22:33 +0800
Date: Thu, 26 Jan 2012 00:21:48 +0000
From: Tina TSOU <Tina.Tsou.Zouting@huawei.com>
In-reply-to: <5B6B2B64C9FE2A489045EEEADDAFF2C303D50D85@XMB-RCD-109.cisco.com>
X-Originating-IP: [10.193.34.128]
To: "Hemant Singh (shemant)" <shemant@cisco.com>, Warren Kumari <warren@kumari.net>, IPv6 Operations <v6ops@ietf.org>
Message-id: <C0E0A32284495243BDE0AC8A066631A80C27FF10@szxeml526-mbs.china.huawei.com>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-language: en-US
Content-transfer-encoding: 7bit
Accept-Language: en-US, zh-CN
Thread-topic: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-problems-03.txt
Thread-index: AQHM255UuVLISg1SFk6lwjPdJRuNwZYdB/GAgAATNQCAAK1qQA==
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-CFilter-Loop: Reflected
References: <20120125201643.4405.40900.idtracker@ietfa.amsl.com> <F7445708-9194-44E8-A1A5-26FEC7FB54E2@kumari.net> <5B6B2B64C9FE2A489045EEEADDAFF2C303D50D85@XMB-RCD-109.cisco.com>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-problems-03.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2012 00:23:04 -0000
Indeed, SLAAC is showing up primarily in environment instrumentation (sensors) and sometimes in the DC for server provisioning coupled with dynamic DNS. It is a good catch besides RA Guard (http://tools.ietf.org/html/rfc6105), a feature in big demand by enterprise customers. Tina > -----Original Message----- > From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf Of > Hemant Singh (shemant) > Sent: Wednesday, January 25, 2012 1:57 PM > To: Warren Kumari; IPv6 Operations > Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-problems-03.txt > > Warren, > > Thanks. I support the document to move forward to the IESG. > > Hemant > > -----Original Message----- > From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf > Of Warren Kumari > Sent: Wednesday, January 25, 2012 3:48 PM > To: IPv6 Operations > Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-problems-03.txt > > This simply folds in the comments that folk sent to the list during > WGLC. > > W > On Jan 25, 2012, at 3:16 PM, internet-drafts@ietf.org wrote: > > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This draft is a work item of the IPv6 Operations Working > Group of the IETF. > > > > Title : Operational Neighbor Discovery Problems > > Author(s) : Igor Gashinsky > > Joel Jaeggli > > Warren Kumari > > Filename : draft-ietf-v6ops-v6nd-problems-03.txt > > Pages : 13 > > Date : 2012-01-25 > > > > In IPv4, subnets are generally small, made just large enough to > cover > > the actual number of machines on the subnet. In contrast, the > > default IPv6 subnet size is a /64, a number so large it covers > > trillions of addresses, the overwhelming number of which will be > > unassigned. Consequently, simplistic implementations of Neighbor > > Discovery (ND) can be vulnerable to deliberate or accidental denial > > of service, whereby they attempt to perform address resolution for > > large numbers of unassigned addresses. Such denial of attacks can > be > > launched intentionally (by an attacker), or result from legitimate > > operational tools or accident conditions. As a result of these > > vulnerabilities, new devices may not be able to "join" a network, it > > may be impossible to establish new IPv6 flows, and existing IPv6 > > transported flows may be interrupted. > > > > This document describes the potential for DOS in detail and suggests > > possible implementation improvements as well as operational > > mitigation techniques that can in some cases be used to protect > > against or at least alleviate the impact of such attacks. > > > > > > A URL for this Internet-Draft is: > > > http://www.ietf.org/internet-drafts/draft-ietf-v6ops-v6nd-problems-03.tx > t > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > This Internet-Draft can be retrieved at: > > > ftp://ftp.ietf.org/internet-drafts/draft-ietf-v6ops-v6nd-problems-03.txt > > > > _______________________________________________ > > v6ops mailing list > > v6ops@ietf.org > > https://www.ietf.org/mailman/listinfo/v6ops > > > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops
- [v6ops] I-D Action: draft-ietf-v6ops-v6nd-problem… internet-drafts
- Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-pro… Warren Kumari
- Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-pro… Hemant Singh (shemant)
- Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-pro… Tina TSOU
- Re: [v6ops] I-D Action: draft-ietf-v6ops-v6nd-pro… Tim Chown