Re: [dhcwg] DHCPv6 router option
Router advertisements from a CPE behind a cable modem can be prevented using
various DOCSIS techniques.
John
=========================================
John Jason Brzozowski
Comcast Corporation
e) mailto:john_brzozowski at cable.comcast.com
m) 609-377-6594
=========================================
> From: Hemant Singh <shemant at cisco.com>
> Date: Mon, 23 Mar 2009 20:31:34 -0400
> To: "Brzozowski, John" <john_brzozowski at cable.comcast.com>, Ralph Droms
> <rdroms at cisco.com>, Ted Lemon <Ted.Lemon at nominum.com>
> Cc: dhc WG <dhcwg at ietf.org>, <int-area at ietf.org>
> Subject: RE: [dhcwg] DHCPv6 router option
>
> John,
>
> Someone has already mentioned a "Rogue RA" situation. Vista was
> supposed to be a host but Vista began sending RA. Why can't someone
> hack Vista in a cable network behind a bridged IPv6 cable modem and have
> Vista send an RA sent to the CMTS? This is a rogue RA in the cable
> DOCSIS network.
>
> Hemant
>
> -----Original Message-----
> From: John Jason Brzozowski [mailto:john_brzozowski at cable.comcast.com]
> Sent: Monday, March 23, 2009 8:25 PM
> To: Hemant Singh (shemant); Ralph Droms (rdroms); Ted Lemon
> Cc: dhc WG; int-area at ietf.org
> Subject: Re: [dhcwg] DHCPv6 router option
>
> Hemant,
>
> Do you think there is a case where a rogue RA would occur in a DOCSIS
> network? I am not sure I am following where you are going here.
>
> Are you saying that another mechanism will now be required because a
> default router option will be sent via DHCPv6? When a default router
> option is sent via DHCPv6 this value is generally administratively
> configured, what form of protection would be required?
>
> John
> =========================================
> John Jason Brzozowski
> Comcast Corporation
> e) mailto:john_brzozowski at cable.comcast.com
> m) 609-377-6594
> =========================================
>
>
>> From: Hemant Singh <shemant at cisco.com>
>> Date: Mon, 23 Mar 2009 19:59:09 -0400
>> To: Ralph Droms <rdroms at cisco.com>, Ted Lemon <Ted.Lemon at nominum.com>
>> Cc: dhc WG <dhcwg at ietf.org>
>> Subject: Re: [dhcwg] DHCPv6 router option
>>
>>> * "RA guard" to filter and limit the scope of misconfigured RAs
>>> * a DHCP option, to be sent with the initial DHCP message exchange,
>>> signaling the host to ignore all future RAs
>>
>>> We need to continue the discussion; let's focus on how to allow both
>>> methods of configuration to coexist.
>>
>>
>> Ralph,
>>
>> You see one obvious problem here? With only ND and RA we have an RA
>> guard solution to deal with for rogue RAs or misconfigured RAs. With
>> DHCPv6 option now we have to think of two solutions for most such
>> problems in an IPv6 network. Interesting use of our times....
>>
>> Hemant
>>
>>
>
>