[118286] in North American Network Operators' Group
Re: IPv6 Deployment for the LAN
daemon@ATHENA.MIT.EDU (Nathan Ward)
Sun Oct 18 08:40:25 2009
From: Nathan Ward <nanog@daork.net>
Date: Mon, 19 Oct 2009 01:39:29 +1300
In-Reply-To: <7434E004-E1E1-4FD7-A9A4-2E2C6140F3F4@delong.com>
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 19/10/2009, at 1:10 AM, Owen DeLong wrote:
> On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
>
>> On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
>>
>>> On 18 Oct 2009, at 09:29, Nathan Ward wrote:
>>>
>>>> RA is needed to tell a host to use DHCPv6
>>>
>>> This is not ideal.
>>
>> Why?
>> Remember RA does not mean SLAAC, it just means RA.
>
> Because RA assumes that all routers are created equal.
RFC4191
> Because RA is harder to filter.
DHCP in IPv4 was hard to filter before vendors implemented it, too.
> Because the bifercated approach to giving a host router/mask
> information and address information
> creates a number of unnecessary new security concerns.
Security concerns would be useful to explore. Can you expand on this?
--
Nathan Ward
