[118287] in North American Network Operators' Group


Re: IPv6 Deployment for the LAN

daemon@ATHENA.MIT.EDU (Kevin Loch)
Sun Oct 18 11:46:17 2009

Date: Sun, 18 Oct 2009 11:45:22 -0400
From: Kevin Loch <kloch@kl.net>
To: NANOG <nanog@nanog.org>
In-Reply-To: <E3055633-C23C-4AA5-96BD-3674D98A3B84@daork.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Nathan Ward wrote:
> 
> On 19/10/2009, at 1:10 AM, Owen DeLong wrote:
> 
>> On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
>>
>>> On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
>>>
>>>> On 18 Oct 2009, at 09:29, Nathan Ward wrote:
>>>>
>>>>> RA is needed to tell a host to use DHCPv6
>>>>
>>>> This is not ideal.
>>>
>>> Why?
>>> Remember RA does not mean SLAAC, it just means RA.
>>
>> Because RA assumes that all routers are created equal.
> 
> RFC4191

In some cases different devices on a segment need a different
default router (for default).  This is the fundamental
problem with RAs: they shotgun the entire segment.

> 
>> Because RA is harder to filter.
> 
> DHCP in IPv4 was hard to filter before vendors implemented it, too.
> 
>> Because the bifurcated approach to giving a host router/mask
>> information and address information
>> creates a number of unnecessary new security concerns.
> 
> Security concerns would be useful to explore. Can you expand on this?

What would be useful would be having the option to give a default
router to a DHCPv6 client, and having VRRPv6 work without RAs.
Why can't we have those options in our toolbox in addition to
this continuously evolving RA+hacks?

- Kevin
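
An added example, not part of the thread and not written by any of its participants: a decoder for the Router Advertisement fields the messages above argue about, namely the M and O flags that point a host at DHCPv6, the RFC 4191 preference bits, and the per-prefix A flag that separates "RA" from "SLAAC". The packets are constructed samples using documentation prefixes, and `parse_ra` and `build_ra` are hypothetical names.

```python
import ipaddress
import struct

# RFC 4191 Prf field (2 bits); 0b10 is reserved and must be treated as medium.
PRF = {0b01: "high", 0b00: "medium", 0b11: "low", 0b10: "medium"}

def parse_ra(icmp: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (RFC 4861 section 4.2)."""
    if len(icmp) < 16:
        raise ValueError("truncated RA")
    typ, code, _ck, _hop, flags, lifetime = struct.unpack("!BBHBBH", icmp[:8])
    if (typ, code) != (134, 0):
        raise ValueError("not a Router Advertisement")
    managed, other = bool(flags & 0x80), bool(flags & 0x40)
    # RFC 4191: Prf is ignored when the router lifetime is zero.
    pref = PRF[(flags >> 3) & 0b11] if lifetime else "medium"
    slaac = []
    off = 16  # options follow Reachable Time and Retrans Timer
    while off + 2 <= len(icmp):
        otype, olen = icmp[off], icmp[off + 1] * 8
        if olen == 0 or off + olen > len(icmp):
            raise ValueError("malformed option")
        if otype == 3 and olen == 32:  # Prefix Information option
            plen, pflags = icmp[off + 2], icmp[off + 3]
            if pflags & 0x40:  # A flag: host may autoconfigure from this prefix
                net = ipaddress.IPv6Address(icmp[off + 16:off + 32])
                slaac.append(f"{net}/{plen}")
        off += olen
    return {
        "default_router": lifetime > 0,
        "preference": pref,
        "dhcpv6": "stateful" if managed else "stateless" if other else "none",
        "slaac_prefixes": slaac,
    }

def build_ra(flags: int, lifetime: int, prefix: str, plen: int, a_flag: bool) -> bytes:
    """Build a constructed sample RA (checksum left as zero)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, plen, 0x80 | (0x40 if a_flag else 0), 86400, 14400, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

# Constructed samples: M=1 with no autoconf prefix, then SLAAC-only with Prf=low.
DHCP_ONLY = build_ra(0x80, 1800, "2001:db8:1::", 64, a_flag=False)
SLAAC_LOW = build_ra(0x18, 1800, "2001:db8:2::", 64, a_flag=True)

if __name__ == "__main__":
    for name, pkt in (("DHCP_ONLY", DHCP_ONLY), ("SLAAC_LOW", SLAAC_LOW)):
        print(name, parse_ra(pkt))
```

Neither sample carries any per-host field: every host on the segment receives the same flags, lifetime and preference.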

