[136302] in North American Network Operators' Group
Re: quietly....
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Feb 2 08:17:20 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <EF41A073-14FB-4A77-910A-8734AD646A29@muada.com>
Date: Wed, 2 Feb 2011 05:10:20 -0800
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 2, 2011, at 4:50 AM, Iljitsch van Beijnum wrote:
> On 2 feb 2011, at 12:39, Owen DeLong wrote:
>=20
>> I would point to 6to4 and the RAs coming from Windows Laptops that =
think they are routers because someone clicked on an ICS checkbox as a =
counter example that letting things that think they are routers announce =
their presence is, in fact, proof that it is not only possible that =
something goes wrong, but, commonplace.
>=20
> I didn't say they were necessarily good routers.
>=20
No, you said the router always knows better than the DHCP server. This =
is an example of a common case where
it does not.
> The issue of rogue routers and DHCP servers is a separate one. =
Obviously if you have rogue RAs but no rogue DHCPv6 then it helps if you =
can ignore the RAs and put all the info in DHCPv6. But the same bad =
practices that created rogue RAs can just as easily create rogue DHCPv6 =
servers so this is not a real solution, just very limited managing of =
symptoms.
>=20
It really isn't. If the DHCP server on a subnet could override the rogue =
routers RA messages by policy, then, it would actually make it fairly =
trivial to address this issue.
Unfortunately because administrators don't have that option, we're =
stuck.
> But there's so much wrong with DHCPv6 that trying to fix it is pretty =
much useless, we need to abandon DHCP and start from scratch. Good thing =
IPv6 works just fine without DHCPv6.
This is a clear example of the myopia in the IETF that has operators so =
frustrated.
Owen
