Fernando Gont <fernando%gont.com.ar@localhost> writes:

> On 02/18/2013 06:57 AM, Ignatios Souvatzis wrote:
>> On Mon, Feb 18, 2013 at 07:40:58AM +0100,
>> 6bone%6bone.informatik.uni-leipzig.de@localhost wrote:
>>
>>> exists there a maximum size of the ndp table? how can I determine
>>> the maximum number of entries?
>>>
>>> currently 'ndp -a | wc -l' reports 1492 entries and I am not sure if
>>> is a problem or not.
>>
>> *Currently*, the ndp and the arp table are implemented as part of
>> the routing PATRICIA tree (but have link-level addresses instead of
>> network addresses as next-hop). So there's no limit different other
>> than the general routing table limitations. Hm, I think mostly
>> kernel memory limitations.
>
> That is actually a problem: it can be exploited for DoS purposes. --
> even a remote address scanning attack might cause that as a side effect.

That may be true of most uses of a routing-table like structure. I am
inclined to keep mechanisms for limits on entries separate from the data
structure choice, because what I think we want is resilience against
attack and good performance in normal cases.
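
One way to keep an entry limit separate from the data structure, as the reply above proposes, shown as an added example (not code from this thread or from NetBSD). All names and cap values are hypothetical; the layer only does accounting and tells the caller what to do with whatever store holds the entries.

```c
#include <stddef.h>

/* Hypothetical names; an accounting layer that knows nothing about how
 * entries are stored (PATRICIA tree, hash, list). Not NetBSD code. */
enum nd_verdict { ND_ADMIT, ND_EVICT_INCOMPLETE, ND_DENY };

struct nd_quota {
    size_t max_total;       /* hard cap on all neighbour entries */
    size_t max_incomplete;  /* cap on entries still awaiting a reply */
    size_t total, incomplete;
};

/* Called before creating an unresolved (incomplete) entry. */
static enum nd_verdict nd_admit(struct nd_quota *q)
{
    if (q->incomplete >= q->max_incomplete || q->total >= q->max_total) {
        /* Unanswered entries are what an address scan fills the table
         * with, so recycle one of those, never a resolved neighbour.
         * The caller drops one incomplete entry and reuses its place,
         * so the counters stay as they are. */
        if (q->incomplete > 0)
            return ND_EVICT_INCOMPLETE;
        return ND_DENY;     /* table is full of resolved entries */
    }
    q->total++;
    q->incomplete++;
    return ND_ADMIT;
}

/* A neighbour answered: the entry no longer counts as unresolved. */
static void nd_resolved(struct nd_quota *q)
{
    if (q->incomplete > 0)
        q->incomplete--;
}

/* An entry was deleted or timed out; was_incomplete says which kind. */
static void nd_removed(struct nd_quota *q, int was_incomplete)
{
    if (q->total > 0)
        q->total--;
    if (was_incomplete && q->incomplete > 0)
        q->incomplete--;
}
```

With constructed caps of 1024 total and 128 incomplete, 100 resolved neighbours followed by any number of probes for unanswered addresses leaves the table at 228 entries.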