[112036] in North American Network Operators' Group


Re: IPv6 Confusion

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Wed Feb 18 15:52:41 2009

Date: Wed, 18 Feb 2009 21:52:29 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog list <nanog@nanog.org>
In-Reply-To: <28611E30-245F-4BB7-97C0-EF7B60B0D9A3@daork.net>
Errors-To: nanog-bounces@nanog.org

On Thu, 19 Feb 2009, Nathan Ward wrote:

> It seems there are lots of people who want auto configuration in IPv6 
> but who clearly do not do this in IPv4. That seems strange, to me.

"Everybody" uses DHCP in IPv4, it's just that there is functionality in 
the equipment we use to make sure it can only be received from certain 
places and we apply security based on snooping the DHCP traffic.

So, the fact that "RA guard" isn't widely available is a showstopper for 
deploying native IPv6 in a lot of environments because it just can't be 
done in a secure manner.

I am sure the equivalent measures can be implemented for IPv6, it's just 
that someone needs to do it, and it's a mystery to me how all these 
security functions aren't available from the IETF already. As said before, 
a lot of the security mechanisms involved in securing IPv4 haven't been 
implemented in IPv6.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
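
The port-trust decision that DHCP snooping makes for IPv4, applied to IPv6 Router Advertisements, as an added example that is not part of the original message or any vendor's implementation. The port names, `build_frame` helper and sample frames are constructed for illustration, and only unfragmented packets are handled.

```python
import struct

ETH_IPV6, ETH_VLAN = 0x86DD, 0x8100
ICMPV6, RA_TYPE = 58, 134
EXT_HDRS = {0, 43, 60}  # hop-by-hop, routing, destination options

def is_router_advertisement(frame: bytes) -> bool:
    """True if an Ethernet frame carries an ICMPv6 Router Advertisement."""
    if len(frame) < 14:
        return False
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off = 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # skip one 802.1Q tag
        ethertype = struct.unpack("!H", frame[16:18])[0]
        off = 18
    if ethertype != ETH_IPV6 or len(frame) < off + 40:
        return False
    nxt = frame[off + 6]          # Next Header field of the fixed IPv6 header
    off += 40
    while nxt in EXT_HDRS:        # walk the extension header chain
        if len(frame) < off + 2:
            return False
        nxt, hdr_len = frame[off], frame[off + 1]
        off += (hdr_len + 1) * 8  # length is in 8-octet units, minus the first
    return nxt == ICMPV6 and len(frame) > off and frame[off] == RA_TYPE

def ra_guard(frame: bytes, ingress_port: str, router_ports: set) -> str:
    """Drop RAs arriving on any port not configured as facing a router."""
    if is_router_advertisement(frame) and ingress_port not in router_ports:
        return "drop"
    return "forward"

def build_frame(icmp_type: int, hop_by_hop: bool = False) -> bytes:
    """Constructed test frame; MAC and IPv6 addresses are zeroed."""
    payload = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    nxt = ICMPV6
    if hop_by_hop:  # 8-octet hop-by-hop header filled with Pad1 options
        payload = bytes([ICMPV6, 0]) + bytes(6) + payload
        nxt = 0
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload), nxt, 255) + bytes(32)
    return bytes(12) + struct.pack("!H", ETH_IPV6) + ip6 + payload

if __name__ == "__main__":
    routers = {"uplink-1"}  # hypothetical port names
    for port in ("uplink-1", "access-3"):
        print(port, ra_guard(build_frame(RA_TYPE), port, routers))
```
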

