[141687] in North American Network Operators' Group
Re: The stupidity of trying to "fix" DHCPv6
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Jun 10 10:28:58 2011
Date: Fri, 10 Jun 2011 07:28:02 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Mail-Followup-To: Iljitsch van Beijnum <iljitsch@muada.com>,
nanog@nanog.org
In-Reply-To: <06E52A77-C65C-41C5-B7B0-5770C4A810C7@muada.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

In a message written on Fri, Jun 10, 2011 at 04:08:06PM +0200, Iljitsch van Beijnum wrote:
> Ok, so now we've identified the problem.
>
> How exactly does adding default gateway information to DHCPv6 solve this problem?

Please go back and re-read my original scenario and think about it.

The difference here is that if a client gets a DHCP address it
generally won't be broken until it tries to renew, and then often
won't be broken at renewal because it sends a directed request back.

In specific technical terms: DHCP relies on broadcast _ONCE_ at
boot, and then uses static unicast config to verify that is still
the correct config. RA's use broadcast every few seconds to broadcast
new information that everyone is supposed to "trust" instantly.

Turn up a Rogue DHCP server on one of your subnets. It won't affect
anyone who's already up and running. It may grab newly booted
machines, depending on a race condition, but it won't break anything
that is already working.

Turn up rogue RA's, and everyone instantly fails.

The behavior of these protocols is different, which leads to different
failure modes. My assertion is that in every failure mode you can
come up with RA's lead to more clients being down faster and for
longer periods of time.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
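
One way to watch a segment for the rogue RAs discussed in the message above, as an added example that is not part of the original post: it parses an ICMPv6 Router Advertisement (RFC 4861) and compares the sender and announced prefixes against an allowlist. The router address, MAC addresses and prefixes are constructed values from documentation ranges, and `parse_ra`, `check_ra` and `build_ra` are hypothetical helper names.

```python
import ipaddress
import struct

# Constructed allowlist (assumption): the legitimate router and its prefix.
ALLOWED_ROUTERS = {"fe80::1": "00:00:5e:00:53:01"}
ALLOWED_PREFIXES = {ipaddress.IPv6Network("2001:db8:1::/64")}

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861, type 134)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"router_lifetime": struct.unpack_from("!H", icmp, 6)[0],
          "mac": None, "prefixes": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        body = icmp[off + 2:off + opt_len]
        if opt_type == 1:  # Source Link-Layer Address
            ra["mac"] = ":".join(f"{b:02x}" for b in body[:6])
        elif opt_type == 3 and opt_len == 32:  # Prefix Information
            ra["prefixes"].append(
                ipaddress.IPv6Network((body[14:30], body[0]), strict=False))
        off += opt_len
    return ra

def check_ra(src: str, icmp: bytes) -> list:
    """Return findings for one RA; an empty list means it matches the allowlist."""
    ra, findings = parse_ra(icmp), []
    src = str(ipaddress.IPv6Address(src))
    if ALLOWED_ROUTERS.get(src, "") != ra["mac"]:
        findings.append(f"unknown router {src} ({ra['mac']})")
    findings += [f"unexpected prefix {p}" for p in ra["prefixes"]
                 if p not in ALLOWED_PREFIXES]
    if findings and ra["router_lifetime"] > 0:
        findings.append("offers itself as default router")
    return findings

def build_ra(mac: str, prefix: str, lifetime: int = 1800) -> bytes:
    """Build a constructed RA for the demo (checksum left at zero)."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 2592000, 604800, 0)
    return hdr + slla + pio + net.network_address.packed

# Constructed sample RAs (documentation address ranges only).
GOOD = build_ra("00:00:5e:00:53:01", "2001:db8:1::/64")
ROGUE = build_ra("00:00:5e:00:53:66", "2001:db8:bad::/64")
```

This is a monitoring check only; filtering RAs at the switch port (RA Guard, RFC 6105) is what keeps them from reaching hosts in the first place.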