nanog mailing list archives
Re: {SPAM?} Re: IPv6 Deployment for the LAN
From: Leo Bicknell <bicknell () ufp org>
Date: Thu, 22 Oct 2009 12:29:30 -0700
In a message written on Thu, Oct 22, 2009 at 03:23:13PM -0400, Ray Soucy wrote:
If the argument against RA being used to provide gateway information is "rogue RA," then announcing gateway information though the use of DHCPv6 doesn't solve anything. Sure you'll get around rogue RA, but you'll still have to deal with rogue DHCPv6. So what is gained?
It's a huge difference, and any conference network shows it. Let's assume 400 people come into a room, get up and working (with DHCPv4, and IPv6 RA's). Someone now introduces a rogue IPv4 server. Who breaks? Anyone who requests a new lease. That is 400 people keep working just fine. Now, someone introduces a roge RA. Who breaks? All 400 users are instantly down. More importantly, there is another class of misconfigured device. I plugged in a Cisco router to download new code to it on our office network. It had a DHCP forward statement, and IPv6. It was from another site. The DHCP forward didn't work, it pointed to something non-existant that also was never configured for the local subnet. There was zero chance of IPv4 interfearance. The IPv6 network picked up the RA to a router with no routes though, and so simply plugging in the old router took down the entire office network. The operational threats of a DHCP based network and a RA based network are quite different. Try it on your own network. -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Attachment:
_bin
Description:
Current thread:
- Re: IPv6 Deployment for the LAN, (continued)
- Re: IPv6 Deployment for the LAN Owen DeLong (Oct 22)
- Re: IPv6 Deployment for the LAN Kevin Loch (Oct 22)
- Re: IPv6 Deployment for the LAN David Conrad (Oct 22)
- RE: IPv6 Deployment for the LAN Tony Hain (Oct 22)
- Re: IPv6 Deployment for the LAN David Conrad (Oct 22)
- Re: IPv6 Deployment for the LAN Iljitsch van Beijnum (Oct 22)
- Re: IPv6 Deployment for the LAN Adrian Chadd (Oct 22)
- Re: IPv6 Deployment for the LAN Owen DeLong (Oct 22)
- Re: IPv6 Deployment for the LAN sthaug (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Ray Soucy (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Leo Bicknell (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Ray Soucy (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Leo Bicknell (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Ray Soucy (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Chuck Anderson (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Ray Soucy (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN John Payne (Oct 22)
- Re: IPv6 Deployment for the LAN Dan White (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN David W. Hankins (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Perry Lorier (Oct 22)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN David W. Hankins (Oct 23)