RE: IPv6 Deployment for the LAN

["TJ" <trejrco () gmail com>]

"> RA is needed to tell a host to use DHCPv6
This is not ideal."

That is entirely a matter of opinion, and one frequently debated still.

FWLIW - I think RAs are a perfectly fine way to distribute information about
the router itself, and to provide hints about the environment (e.g. - "Yes,
we do Stateful DHCPv6 here ("+M", and "+O' as well" ...)


/TJ



-----Original Message-----
From: Andy Davidson [mailto:andy () nosignal org] 
Sent: Sunday, October 18, 2009 6:02 AM
To: NANOG list
Subject: Re: IPv6 Deployment for the LAN


On 18 Oct 2009, at 09:22, Mark Smith wrote:

> If it's because somebody could start up a rogue router and announce  
> RAs, I think a rogue DHCPv6 server is (or will be) just as much a  
> threat, if not more of one - I think it's more likely server OSes  
> will include DHCPv6 servers than RA "servers".

Disagree - rogue offers affect people without a lease, so the impact  
of an attack is not immediate.  Filtering DHCP on v4 is well  
understood, an update to current operational practice rather than a  
new system.


On 18 Oct 2009, at 09:29, Nathan Ward wrote:

> RA is needed to tell a host to use DHCPv6

This is not ideal.

Andy