From: Martin Pelikán (martin.pelikangmail.com)
Date: Fri Sep 10 2010 - 15:28:33 CDT
2010/9/9, Claudio Jeker <cjekerdiehard.n-r-g.com>:
>> And a new flag to struct in6_ifextra?
> Nope, it will be part of ifnet->if_xflags.
Actually, it's already in in6_ifextra->nd_ifinfo->flags, named
ND6_IFF_ACCEPT_RTADV and controlled by the "ndp -i" command. However,
ifconfig autoconfprivacy uses if_xflags and separating these two looks
kind of dirty... Wouldn't it be better to move autoconfprivacy from
ifconfig to ndp (as privacy_rtadv flag)? The option name is pretty
long and the thing is ndp-related... How much would people have
suffered from that change?
And slowly back to the original question. Is it safe to allow
accepting RAs on a router then? I mean in terms of messing with
default router list (make sure the routines only touch RTF_CONNECTED
and correct those XXX'ed conditions with ip forwarding). BTW: RTF_MAX
comment should be "minimum priority" instead of "maximum" :-)
> Because ND depends on multicast and therefore needs a local scope and
> because of this we end up with addressing scopes and then we need
> stateless address assignment on the local scope with duplicate address
> detection and now you're deep down in the darkest of the dark holes.
Strange, I always thought that stateless address assignment and
link-local scope were the features of the protocol :-) DAD just comes
up because it's obviously necessary. And maybe they thought multicast
queries were a bonus for ISPs which cheap switches would broadcast
> Hmm. Please show me a switch that actually does the ND multicast in a
> non-flooding way. By default most multicast is treated like broadcast and
> is flooded all over the place. So there is no gain for a hell lot of pain.
Our peer's Cizcoe C4900M for example. I'm going to test our 3com 4200G
as it should work too. I guess in the size that you really need it,
you already have the money to find a switch that supports it. (and
they probably hoped the manufacturers would cooperate ;-))
> There is nothing wrong with multicast where multicast is needed but
> neighbor discovery (aka address resolution) is not one of those cases.
> Sure the theory sounds sexy but in reality it is just painful.
You got that right, it isn't necessary here. I guess I'm just lucky
not being painfully hurt.
> It is a forced deployment and it is only possible because many things
> implied with IPv6 got killed. It is funny that all those things that
> should never ever be needed in IPv6 are suddenly implemented (best example
I thought that that's what the autonomous flag in RA was for from the
very beginning. The RFC from August 1996 has a reference to DHCPv6 in
But yes, a lot of simple things should've been there from the
beginning (RFC 5006 being probably the most user-visible one)
> As an example of political nonsense look at what it took to be able to get
> PI IPv6 space.
Okay, I get it now...