[118283] in North American Network Operators' Group
RE: IPv6 Deployment for the LAN
daemon@ATHENA.MIT.EDU (TJ)
Sun Oct 18 07:56:51 2009
From: "TJ" <trejrco@gmail.com>
To: "'NANOG list'" <nanog@nanog.org>
In-Reply-To: <37998969-1C18-47FB-81F2-D3CA11501F2E@nosignal.org>
Date: Sun, 18 Oct 2009 07:58:00 -0400
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
"> RA is needed to tell a host to use DHCPv6
This is not ideal."
That is entirely a matter of opinion, and one frequently debated still.
FWLIW - I think RAs are a perfectly fine way to distribute information about
the router itself, and to provide hints about the environment (e.g. - "Yes,
we do Stateful DHCPv6 here" ("+M", and "+O" as well) ...)
/TJ
-----Original Message-----
From: Andy Davidson [mailto:andy@nosignal.org]
Sent: Sunday, October 18, 2009 6:02 AM
To: NANOG list
Subject: Re: IPv6 Deployment for the LAN
On 18 Oct 2009, at 09:22, Mark Smith wrote:
> If it's because somebody could start up a rogue router and announce
> RAs, I think a rogue DHCPv6 server is (or will be) just as much a
> threat, if not more of one - I think it's more likely server OSes
> will include DHCPv6 servers than RA "servers".
Disagree - rogue offers affect people without a lease, so the impact
of an attack is not immediate. Filtering DHCP on v4 is well
understood, an update to current operational practice rather than a
new system.
On 18 Oct 2009, at 09:29, Nathan Ward wrote:
> RA is needed to tell a host to use DHCPv6
This is not ideal.
Andy
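
An added example, not part of the thread: a sketch that decodes the fixed Router Advertisement header (RFC 4861) to read the M and O flags mentioned above and checks an RA against the RFC validity rules and a site policy, which is one way to spot the rogue RAs discussed here. The function names, the allow-list, the policy tuple and the sample bytes are all constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
FLAG_M = 0x80            # Managed: get addresses from stateful DHCPv6
FLAG_O = 0x40            # Other: get other config (e.g. DNS) from DHCPv6

def parse_ra(icmp6: bytes) -> dict:
    """Decode the fixed 16-byte RA header; options that follow are ignored."""
    if len(icmp6) < 16:
        raise ValueError("truncated Router Advertisement")
    typ, code, _cksum, cur_hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp6[:16])
    if typ != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a Router Advertisement")
    return {"managed": bool(flags & FLAG_M), "other": bool(flags & FLAG_O),
            "router_lifetime": lifetime, "cur_hop_limit": cur_hop}

def assess_ra(src, ip_hop_limit, icmp6, expected_routers, expected_flags):
    """Return a list of findings; an empty list means the RA matches policy."""
    findings = []
    addr = ipaddress.ip_address(src)
    ra = parse_ra(icmp6)
    # RFC 4861 validity checks: sent on-link, from a link-local source.
    if ip_hop_limit != 255:
        findings.append("hop limit is not 255 (not sent on-link)")
    if not addr.is_link_local:
        findings.append("source is not link-local")
    # Site policy checks (assumed policy, supplied by the caller).
    if addr not in {ipaddress.ip_address(r) for r in expected_routers}:
        findings.append(f"unexpected router {addr}")
    if (ra["managed"], ra["other"]) != expected_flags:
        findings.append(f"M/O flags {ra['managed']}/{ra['other']} differ from policy")
    return findings

# Constructed sample: RA with M and O set, router lifetime 1800 s.
# The checksum field is left as 0 and is not verified here.
SAMPLE_RA = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64,
                        FLAG_M | FLAG_O, 1800, 0, 0)
ROUTERS = {"fe80::1"}    # constructed allow-list of legitimate routers

if __name__ == "__main__":
    print(assess_ra("fe80::1", 255, SAMPLE_RA, ROUTERS, (True, True)))
    print(assess_ra("fe80::dead", 255, SAMPLE_RA, ROUTERS, (True, True)))
```

The IP hop limit and source address come from the IPv6 header of the captured packet, so the caller has to pass them in alongside the ICMPv6 payload.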