[141724] in North American Network Operators' Group
Re: The stupidity of trying to "fix" DHCPv6
daemon@ATHENA.MIT.EDU (Ricky Beam)
Fri Jun 10 16:25:08 2011
To: nanog@nanog.org
Date: Fri, 10 Jun 2011 16:24:58 -0400
From: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <20110610134744.GA20607@ussenterprise.ufp.org>

On Fri, 10 Jun 2011 09:47:44 -0400, Leo Bicknell <bicknell@ufp.org> wrote:
> The point is, RA's are operationally fragile and DHCP is operationally
> robust.

No. Both are just as fragile... if you haven't taken steps to protect
them. If you aren't doing any sort of DHCP snooping, anyone can set up a
rogue DHCP server and kill your network -- been there, laughed at them.
Even my *home* LAN has DHCP snooping configured.

The only question is support for "RA Guard" in your network hardware. A
lot of old gear isn't going to support it. But DHCP was no different.

--Ricky

PS: Don't read into this... I hate SLAAC and RA, more than most people.
(it's been a bad idea from day one.)