At Thu, 28 Aug 2008 17:04:15 +0200,
Stephane Bortzmeyer wrote:

> > http://www.ietf.org/internet-drafts/...igation-00.txt
>
> > o source address randomisation
> >
> > If the resolver has multiple public IP addresses these can be used
> > to randomise with.
>
> With IPv4, this would add only one or two bits of entropy.
>
> But, with IPv6, there is a huge potential for randomisation, maybe 64
> bits of entropy if the resolver has a full /64.
>
> However, it has implications for the router's Neighbor Discovery
> cache. Did anyone try aggressive source address randomisation with
> IPv6 to see how far the router and/or server OS can go?


I've not played with this idea yet, but if I were to do it, I would
reserve a separate /64 for the server machine, assign any addresses
under that prefix on some "loopback" interface (with DAD disabled),
and let the server announce the prefix to neighboring routers (and
have them accept the route).

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
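
The per-query source address selection discussed in this thread, as an added example that is not part of the original messages or of any resolver's code: it draws an address from a /64 with a CSPRNG and compares the entropy gained for a few IPv4 addresses against a full IPv6 /64. The prefix is a constructed documentation prefix, and the function names and the 64512-port range are assumptions of the example.

```python
import ipaddress
import math
import secrets
import socket

# Constructed sample prefix (RFC 3849 documentation range), standing in for
# the separate /64 reserved for the resolver.
RESOLVER_PREFIX = "2001:db8:0:53::/64"

def random_source_address(prefix: str) -> ipaddress.IPv6Address:
    """Draw a uniformly random address inside `prefix` from the OS CSPRNG."""
    net = ipaddress.IPv6Network(prefix)
    host_bits = 128 - net.prefixlen
    offset = secrets.randbits(host_bits) if host_bits else 0
    return net.network_address + offset

def source_address_bits(n_addresses: int) -> float:
    """Entropy contributed by choosing uniformly among n source addresses."""
    return math.log2(n_addresses)

def total_bits(n_addresses: int, n_ports: int = 64512, id_bits: int = 16) -> float:
    """Bits a forged reply must match: query ID + source port + address.
    n_ports=64512 (ports 1024-65535) is an assumption of this example."""
    return id_bits + math.log2(n_ports) + source_address_bits(n_addresses)

def open_query_socket(prefix: str) -> socket.socket:
    """UDP socket bound to a fresh random source address and OS-chosen port.
    bind() fails with EADDRNOTAVAIL unless the host treats the whole prefix
    as local, e.g. via the loopback assignment described in the message."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    try:
        s.bind((str(random_source_address(prefix)), 0))
    except OSError:
        s.close()
        raise
    return s

if __name__ == "__main__":
    print("sample source:", random_source_address(RESOLVER_PREFIX))
    for label, n in (("1 address", 1), ("4 IPv4 addresses", 4), ("IPv6 /64", 2**64)):
        print(f"{label:18} +{source_address_bits(n):4.0f} bits, total {total_bits(n):.1f}")
```

`open_query_socket` is only useful on a host where the whole prefix is already local; each distinct source address used also creates state on the path, which is the Neighbor Discovery cache concern raised in the quoted question.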
