Monday, 14 September 2020
Interesting Snippets from 2020-09-14
-
Feature #7746: Proxy NDP - pfSense - pfSense bugtracker
We have "Proxy ARP" VIPs, now we need "Proxy NDP" VIPs to allow pfSense to function with service providers such as OVH who provide an entire /56 but refuse to route any of it, and require NDP adjacency for any and all of it to work.
-
GitHub - DanielAdolfsson/ndppd: NDP Proxy Daemon
ndppd, or NDP Proxy Daemon, is a daemon that proxies neighbor discovery messages. It listens for neighbor solicitations on a specified interface and responds with neighbor advertisements - as described in RFC 4861 (section 7.2).
-
IPv6 – Proxy the neighbors (or come back ARP – we loved you really) « ipsidixit.net
The hole is that IPv6 implementations to date seem to assume that a device is either a full-fledged router or it is an end-point. While “our” gateway device can and does act as a full-fledged router (I can kick out via RADVD router advertisements to my heart’s content) my ISP sees me as an end-point. It sends me router advertisements, but isn’t interested in seeing any back (which, from a security model point of view, is not wholly unreasonable!) When it wants to “route” anything within the /64 range to me it first requires a satisfactory neighbor solicitation/advertisement exchange to take place.
-
GitHub - AlexandreFenyo/ndproxy: kernel module for FreeBSD that implements IPv6 Neighbor Discovery proxying over Ethernet-like access networks
Kernel module for FreeBSD that implements IPv6 Neighbor Discovery proxying over Ethernet-like access networks. With this module, your uplink provider continues to see you as a flat network, but you can subnet your IPv6 prefix and route packets to your preferred gateway (a Cisco router for instance), that may split your network into several subnets. To achieve this goal, your FreeBSD router will redirect packets coming from your uplink provider router to your gateway. You simply need to connect one of your FreeBSD host interfaces to the layer 2 that interconnects your provider and your gateway, and disable MLD snooping on the interconnection switch.
-
NxFilter Tutorial
What is NxFilter? NxFilter is a high performance network-wide filtering software designed to be used in an enterprise environment. It is not a personal webfilter or a simple AD blocker. NxFilter provides a rich set of features and many of them are the ones you only can find in commercial filtering appliances. It is a full featured DNS filter being able to handle several thousand users easily.