[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

turning on comcast v6

On 01/03/2014 04:01 AM, Baldur Norddahl wrote:
> On Fri, Jan 3, 2014 at 10:24 AM, Doug Barton <dougb at dougbarton.us> wrote:
>
>> And you still haven't provided an argument about why the default route
>> should not be added to DHCPv6.
>>
>>
> I was not arguing that it didn't. Just that the perceived problem is not
> real.

Your opinion is that rogue RAs are not a problem. I, and others, 
disagree with you on that; but since that's not really the problem I'm 
trying to solve we can agree to disagree.

What I (and many, many others) have been saying for over a decade is 
that we need to have parity with DHCPv4 in DHCPv6 in order to allow 
organizations that like and use DHCP to use that as their exclusive 
method of configuring IPv6 clients. Often this is to match existing 
administrative boundaries, sometimes it's just a preference (one could 
even say prejudice) against SLAAC/RA, but regardless, that's what is 
needed.

> However, I might be inclined to believe that default route in DHCPv6 is a
> bad idea. It is a confusing concept,

It's not confusing in any way. It matches the well known mechanism 
already in widespread use in DHCPv4.

> since we already no less than three
> methods (*) to discover default route and you want to add a fourth.

The first 2 you mention are rarely used, and not even implemented in 
many, if not most clients. However the fact that there are so many ways 
to do it in IPv6 now is an example of the "Anything but DHCP!" mindset 
of the early IPng architects.

> This
> would be something that needs to be implemented in every client, and thus
> will not really be usable for at least a decade.

Organizations that want this are prepared to do the work of making sure 
that their clients are upgraded, or wait to deploy IPv6 until it's 
available. For most existing organizations there is no urgency to deploy 
IPv6, their current infrastructure works for them. For those new 
organizations forced to deploy IPv6 they will be able to deploy new 
software that handles this option.

... and of course, the sooner we do it, the sooner it will be widely 
available.

> By then everyone are used to RA.

It's been over a decade already, and not only have the security problems 
with RA not yet been solved in a robust way, people are not only not yet 
used to it, they are actively opposing it. Your optimism, while 
admirable, is misplaced here.

> If you did add default route to DHCPv6, what is then supposed to happen to
> the other routes, that the client might discover?

You would configure the client not to do RS, and to ignore any RAs that 
it receives. Simple.

> (*) prefix::, fe80:: and the one you get from RA.

Doug