[118277] in North American Network Operators' Group
Re: IPv6 Deployment for the LAN
daemon@ATHENA.MIT.EDU (Nathan Ward)
Sun Oct 18 04:30:48 2009
From: Nathan Ward <nanog@daork.net>
In-Reply-To: <20091018185247.50967833@opy.nosense.org>
Date: Sun, 18 Oct 2009 21:29:41 +1300
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 18/10/2009, at 9:22 PM, Mark Smith wrote:
> I'm curious what the issue is with not having a default-router option
> in DHCPv6?
This mechanism is provided by RA.
RA is needed to tell a host to use DHCPv6, so RA is going to be there
whenever you have DHCPv6.
There's no point putting a default router option in to DHCPv6 at this
point.
> If it's because somebody could start up a rogue router and announce
> RAs, I think a rogue DHCPv6 server is (or will be) just as much a
> threat, if not more of one - I think it's more likely server OSes will
> include DHCPv6 servers than RA "servers".
Perhaps, but if you're operating a LAN segment you're going to want to
filter rouge RA and DHCPv6 messages from your network, just like you
do with DHCP in IPv4.
Filtering RA and DHCPv6 are done in very similar ways.
--
Nathan Ward
