Re: [dhcwg] DHCPv6 router option
At Wed, 11 Mar 2009 15:05:33 -0400,
Frank Sweetser <fs at WPI.EDU> wrote:
> > This is a major hot-button issue. People have extremely strong
> > opinions about it. It happens that although you and Iljitsch
> > disagree on what to do, you both have valid points. At the same
> > time, you appear to be talking past each other.
> >
> > What appears to be worrying Iljitsch, which you do not appear to be
> > concerned about, is that if a DHCPv6 client is receptive to this
> > option, it will trust it even when it is wrong, not just on your
> > network but on his. So adoption of this option affects Iljitsch just
> > as much as it affects you - he can't "opt out."
>
> Just to throw some more sand in the gears, there's also no guarantee that the
> RAs your clients are hearing are usable for them. Just last week, I had all
> IPv6 enabled clients in one subnet lose connectivity. After some digging
> around, it turned out that an XP box had begun sending RAs, advertising its
> link local address as a default gateway. Once you allow fumble-fingered
> admins into the equation, not much is safe.
>
> When SOHO devices from Linksys and Netgear start appearing with IPv6 support,
> it's inevitable that those of us running EDU networks with dorms will have to
> deal with students plugging them in the wrong way around, just as they have
> been doing for many years. While this may be a "new" problem in that it uses
> RA to break the subnet, it's really not different from using DHCPv4 or ARP. I
> strongly suspect that in the end the switch vendors are going to have to
> create v6 analogues to the ARP and DHCP rogue server prevention features
> they've already implemented for v4.

This issue has been well discussed (though I'm not sure if we reached
a clear consensus). See draft-chown-v6ops-rogue-ra-03.txt and the
past discussions on that draft at v6ops. I'm personally not yet
convinced that this 'rogue RA' issue warrants the introduction of a
new router option for DHCPv6 (despite its clear disadvantages such as
conflicting information), but I also understand mileage varies very
much on this issue.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.