[141658] in North American Network Operators' Group


Re: The stupidity of trying to "fix" DHCPv6

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Fri Jun 10 06:21:23 2011

From: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <20110610.121037.74748867.sthaug@nethelp.no>
Date: Fri, 10 Jun 2011 12:20:16 +0200
To: sthaug@nethelp.no
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 10 jun 2011, at 12:10, sthaug@nethelp.no wrote:

>> So where do I point out the stupidity of trying to fix this non-brokenness?

> Several large operators have said, repeatedly, that they want to use
> DHCPv6 without RA. I disagree that this is stupid.

It is a mistake to want this, because having the router tell you who the
router is gives you fate sharing, so there's less breakage. It's also
unnecessary because you still need cooperation from your switches to be safe
from rogue DHCPv6 servers even if you go visit all your hosts and turn off
stateless autoconfig in an effort to thwart rogue RAs.

But it's stupid to want to change DHCPv6 just now that the last major OS is
about to start supporting it. That continues the current situation where
anyone who isn't happy with autoconfig-only can't make a configuration that
works with all major OSes.

> We're planning to use DHCPv6 and RA (with no prefixes, only for the
> link local next hop). This is more complex than using DHCPv6 alone,
> without RA, would be.

It is. It's also more robust. And doing this is less complex than trying to
change DHCPv6 so you get to use a less complex system in the future after a
complex transition.
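As an added illustration that is not part of this thread, the Python below parses an ICMPv6 Router Advertisement and tells apart the design sthaug describes (M flag set, no prefixes, DHCPv6 hands out addresses) from an RA that carries an autonomous prefix and so triggers SLAAC; a link monitor can use the same check to flag a prefix-bearing RA showing up on a segment that is supposed to be DHCPv6-managed. The sample RAs are constructed in-line with a zero checksum for parsing only, and the names parse_ra, classify and build_ra are mine, not from any tool mentioned in the thread.

```python
import ipaddress
import struct
from typing import NamedTuple

RA_TYPE, OPT_PREFIX_INFO = 134, 3  # ICMPv6 Router Advertisement; Prefix Information option
class RASummary(NamedTuple):
    managed: bool          # M flag: addresses come from DHCPv6
    other_config: bool     # O flag: other configuration (DNS etc.) comes from DHCPv6
    router_lifetime: int   # seconds as default router; 0 = not a default router
    slaac_prefixes: list   # Prefix Information Options with the A (autonomous) flag set
    onlink_prefixes: list  # Prefix Information Options with L set but A clear
def parse_ra(icmp: bytes) -> RASummary:
    """Parse the ICMPv6 payload of a Router Advertisement (RFC 4861, 4.2 and 4.6.2)."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE or icmp[1] != 0:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = icmp[5], struct.unpack("!H", icmp[6:8])[0]
    slaac, onlink, pos = [], [], 16
    while pos < len(icmp):  # options are TLVs; length is in units of 8 octets
        if len(icmp) - pos < 2 or icmp[pos + 1] == 0:
            raise ValueError("malformed option")  # RFC 4861: discard the whole RA
        otype, olen = icmp[pos], icmp[pos + 1] * 8
        if pos + olen > len(icmp):
            raise ValueError("truncated option")
        if otype == OPT_PREFIX_INFO and olen == 32:
            plen, pflags = icmp[pos + 2], icmp[pos + 3]
            entry = f"{ipaddress.IPv6Address(icmp[pos + 16:pos + 32])}/{plen}"
            (slaac if pflags & 0x40 else onlink).append(entry)
        pos += olen
    return RASummary(bool(flags & 0x80), bool(flags & 0x40), lifetime, slaac, onlink)

def classify(ra: RASummary) -> str:
    """Which address-configuration model this RA pushes onto hosts."""
    if ra.slaac_prefixes:
        return "slaac"           # hosts self-configure; unexpected on a DHCPv6-managed link
    if ra.managed:
        return "dhcpv6-managed"  # RA supplies only the next hop, DHCPv6 the addresses
    return "router-only"

def build_ra(managed: bool, other: bool, lifetime: int, pios=()) -> bytes:
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, lifetime, 0, 0)  # checksum 0
    for prefix, autonomous in pios:  # L always set, A per caller; RFC 4861 default lifetimes
        net = ipaddress.IPv6Network(prefix)
        msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen,
                           0x80 | (0x40 if autonomous else 0), 2592000, 604800, 0)
        msg += net.network_address.packed
    return msg

# Constructed samples: the "RA with no prefixes, M flag set" design from the thread vs a SLAAC RA.
RA_MANAGED_ONLY = build_ra(True, True, 1800)
RA_SLAAC = build_ra(False, False, 1800, [("2001:db8:1::/64", True)])
```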
