[170377] in North American Network Operators' Group
Re: IPv6 Security [Was: Re: misunderstanding scale]
daemon@ATHENA.MIT.EDU (Chuck Anderson)
Wed Mar 26 20:51:42 2014
Date: Wed, 26 Mar 2014 20:50:40 -0400
From: Chuck Anderson <cra@WPI.EDU>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <CAFy81rkzTLQOzEYRq1Aqh23AZyTnqR8waxe=9scUovUJAXX2CQ@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Mar 26, 2014 at 06:52:53PM -0500, Timothy Morizot wrote:
> On Mar 26, 2014 6:27 PM, "Luke S. Crawford" <lsc@prgmr.com> wrote:
> > My original comment and complaint, though, was in response to the
> > assertion that DHCPv6 is as robust as DHCPv4. My point is that DHCPv6
> > does not fill the role that DHCPv4 fills, if you care about tying an IP to
> > a MAC and you want that connection to persist across OS installs by
> > customers.
>
> You're right. DHCPv6 is more robust than DHCPv4. At least those of us in
> the enterprise space appreciate a client identifier that doesn't change
> when the hardware changes.
No, it is LESS robust, because the client identifier changes when the
SOFTWARE changes. Around here, software changes MUCH more often than
hardware. Heck, even a dual-boot scenario breaks the client
identifier stability. Worse yet, DHCPv6 has created a scenario where
a client's IPv4 connectivity and IPv6 connectivity break under
/different/ scenarios, causing difficult-to-troubleshoot
half-connectivity issues when either the hardware is replaced or the
software is reloaded.
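
The identifier instability discussed in this message, as an added example that is not part of the original post: a DHCPv6 client identifier (DUID) of type DUID-LLT embeds its generation time beside the link-layer address, so a reinstall on the same NIC produces a different DUID. The MAC address, install dates and helper names below are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base

def make_duid_llt(mac: bytes, generated: datetime, hwtype: int = 1) -> bytes:
    """DUID-LLT (type 1): hardware type, generation time, link-layer address."""
    secs = int((generated - DUID_EPOCH).total_seconds()) & 0xFFFFFFFF
    return struct.pack("!HHI", 1, hwtype, secs) + mac

def make_duid_ll(mac: bytes, hwtype: int = 1) -> bytes:
    """DUID-LL (type 3): hardware type and link-layer address only."""
    return struct.pack("!HH", 3, hwtype) + mac

def parse_duid(duid: bytes) -> dict:
    """Split a DUID into type, hardware type, creation time and embedded address."""
    if len(duid) < 2:
        raise ValueError("DUID shorter than its type field")
    (dtype,) = struct.unpack("!H", duid[:2])
    if dtype == 1 and len(duid) > 8:
        hwtype, secs = struct.unpack("!HI", duid[2:8])
        return {"type": "LLT", "hwtype": hwtype, "lladdr": duid[8:],
                "created": DUID_EPOCH + timedelta(seconds=secs)}
    if dtype == 3 and len(duid) > 4:
        (hwtype,) = struct.unpack("!H", duid[2:4])
        return {"type": "LL", "hwtype": hwtype, "lladdr": duid[4:], "created": None}
    # DUID-EN (2), DUID-UUID (4), truncated or unknown: nothing to correlate on
    return {"type": f"other({dtype})", "hwtype": None, "lladdr": None, "created": None}

def same_hardware(a: bytes, b: bytes) -> bool:
    """Heuristic: do two different-looking DUIDs embed the same link-layer address?"""
    pa, pb = parse_duid(a), parse_duid(b)
    return (pa["lladdr"] is not None and pa["hwtype"] == pb["hwtype"]
            and pa["lladdr"] == pb["lladdr"])

# Constructed sample: one NIC, two OS installs on different dates.
MAC = bytes.fromhex("02005e100001")  # locally administered, made up
FIRST_INSTALL = make_duid_llt(MAC, datetime(2013, 6, 1, tzinfo=timezone.utc))
REINSTALL = make_duid_llt(MAC, datetime(2014, 3, 26, tzinfo=timezone.utc))

if __name__ == "__main__":
    for name, duid in (("first install", FIRST_INSTALL), ("reinstall", REINSTALL)):
        p = parse_duid(duid)
        print(f"{name:14} {duid.hex()}  created={p['created']:%Y-%m-%d}  mac={p['lladdr'].hex(':')}")
    print("server sees same client:", FIRST_INSTALL == REINSTALL)
    print("same hardware underneath:", same_hardware(FIRST_INSTALL, REINSTALL))
```

Matching on the embedded address is only a heuristic for log correlation: it is the address of whichever interface existed when the DUID was generated, and DUID-EN or DUID-UUID identifiers carry no link-layer address at all.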