[141662] in North American Network Operators' Group


Re: The stupidity of trying to "fix" DHCPv6

daemon@ATHENA.MIT.EDU (Tim Chown)
Fri Jun 10 06:41:11 2011

In-Reply-To: <E4F78E26-C505-426C-94E3-EAB716E70B74@muada.com>
From: Tim Chown <tjc@ecs.soton.ac.uk>
Date: Fri, 10 Jun 2011 11:40:58 +0100
To: NANOG list <nanog@nanog.org>
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 10 Jun 2011, at 11:20, Iljitsch van Beijnum wrote:

> On 10 jun 2011, at 12:10, sthaug@nethelp.no wrote:
>
>>> So where do I point out the stupidity of trying to fix this
>>> non-brokenness?
>
>> Several large operators have said, repeatedly, that they want to use
>> DHCPv6 without RA. I disagree that this is stupid.
>
> It is a mistake to want this, because having the router tell you who
> the router is gives you fate sharing so less breakage. It's also
> unnecessary because you still need cooperation from your switches to be
> safe from rogue DHCPv6 servers even if you go visit all your hosts and
> turn off stateless autoconfig in an effort to thwart rogue RAs.
>
> But it's stupid to want to change DHCPv6 just now the last major OS is
> about to start supporting it. That continues the current situation where
> anyone who isn't happy with autoconfig-only can't make a configuration
> that works with all major OSes.

Well, remember that, from Google's estimate, only 0.3% of the access
networks are IPv6 capable, so there's still 99.7% to deploy.  But yes,
any changes to add features a la
draft-droms-dhc-dhcpv6-default-router-00 would take time, and support in
the IETF seems minimal.

>> We're planning to use DHCPv6 and RA (with no prefixes, only for the
>> link local next hop). This is more complex than using DHCPv6 alone,
>> without RA, would be.
>
> It is. It's also more robust. And doing this is less complex than
> trying to change DHCPv6 so you get to use a less complex system in the
> future after a complex transition.

The focus right now should be on getting the existing RA+DHCPv6 to work
as intended, and to validate the model within the 0.3% base.  I don't
buy that a transition from RA+DHCP to DHCP-only is particularly complex
though.  Turn off the RAs and let DHCP do its (extra) things.  However,
you'd then need to know that every device you want to network supports
that new DHCP-only operation, and that will be some time off, if it
happens at all.

Standing back a little, I can see an argument that IPv6 would be an
easier 'sell' if there were two modes of operation, one with only RAs,
and one with only DHCPv6.

Tim


