Re: [dhcwg] DHCPv6 router option



John,

Someone has already mentioned a "Rogue RA" situation.  Vista was
supposed to be a host but Vista began sending RA.  Why can't someone
hack Vista in a cable network behind a bridged IPv6 cable modem and have
Vista send an RA to the CMTS? This is a rogue RA in the cable
DOCSIS network.

Hemant

-----Original Message-----
From: John Jason Brzozowski [mailto:john_brzozowski at cable.comcast.com] 
Sent: Monday, March 23, 2009 8:25 PM
To: Hemant Singh (shemant); Ralph Droms (rdroms); Ted Lemon
Cc: dhc WG; int-area at ietf.org
Subject: Re: [dhcwg] DHCPv6 router option

Hemant,

Do you think there is a case where a rogue RA would occur in a DOCSIS
network?  I am not sure I am following where you are going here.

Are you saying that another mechanism will now be required because a
default router option will be sent via DHCPv6?  When a default router
option is sent via DHCPv6 this value is generally administratively
configured, what form of protection would be required?

John
=========================================
John Jason Brzozowski
Comcast Corporation
e) mailto:john_brzozowski at cable.comcast.com
m) 609-377-6594
=========================================


> From: Hemant Singh <shemant at cisco.com>
> Date: Mon, 23 Mar 2009 19:59:09 -0400
> To: Ralph Droms <rdroms at cisco.com>, Ted Lemon <Ted.Lemon at nominum.com>
> Cc: dhc WG <dhcwg at ietf.org>
> Subject: Re: [dhcwg] DHCPv6 router option
> 
>> * "RA guard" to filter and limit the scope of misconfigured RAs
>> * a DHCP option, to be sent with the initial DHCP message exchange,
>> signaling the host to ignore all future RAs
> 
>> We need to continue the discussion; let's focus on how to allow both
>> methods of configuration to coexist.
> 
> 
> Ralph,
> 
> You see one obvious problem here?  With only ND and RA we have an RA
> guard solution to deal with for rogue RAs or misconfigured RAs.  With
> DHCPv6 option now we have to think of two solutions for most such
> problems in an IPv6 network.  Interesting use of our times....
> 
> Hemant