nanog mailing list archives

Re: IPv6 Security [Was: Re: misunderstanding scale]


From: Chuck Anderson <cra () WPI EDU>
Date: Wed, 26 Mar 2014 20:50:40 -0400

On Wed, Mar 26, 2014 at 06:52:53PM -0500, Timothy Morizot wrote:
> On Mar 26, 2014 6:27 PM, "Luke S. Crawford" <lsc () prgmr com> wrote:
> > My original comment and complaint, though, was in response to the
> > assertion that DHCPv6 is as robust as DHCPv4.   My point is that DHCPv6
> > does not fill the role that DHCPv4 fills, if you care about tying an IP to
> > a MAC and you want that connection to persist across OS installs by
> > customers.
>
> You're right. DHCPv6 is more robust than DHCPv4. At least those of us in
> the enterprise space appreciate a client identifier that doesn't change
> when the hardware changes.

No, it is LESS robust, because the client identifier changes when the
SOFTWARE changes.  Around here, software changes MUCH more often than
hardware.  Heck, even a dual-boot scenario breaks the client
identifier stability.  Worse yet, DHCPv6 has created a scenario where
a client's IPv4 connectivity and IPv6 connectivity break under
/different/ scenarios, causing difficult-to-troubleshoot
half-connectivity issues when either the hardware is replaced or the
software is reloaded.
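
An added illustration, not part of the original message: a small Python decoder for DHCPv6 DUIDs that shows how one NIC can appear under two client identifiers after an OS reinstall, because a DUID-LLT embeds its generation time. The sample DUIDs, the MAC addresses and the function names are constructed for this example.

```python
import struct
from datetime import datetime, timedelta, timezone

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base

def parse_duid(hex_duid):
    """Decode a DHCPv6 DUID (RFC 8415 section 11) given as colon-separated hex."""
    raw = bytes.fromhex(hex_duid.replace(":", ""))
    if len(raw) < 4:
        raise ValueError("DUID too short")
    (dtype, field) = struct.unpack("!HH", raw[:4])
    if dtype == 1:  # DUID-LLT: hardware type, generation time, link-layer address
        if len(raw) < 8:
            raise ValueError("truncated DUID-LLT")
        (secs,) = struct.unpack("!I", raw[4:8])
        return {"type": "LLT", "hw": field, "lladdr": raw[8:].hex(":"),
                "time": DUID_EPOCH + timedelta(seconds=secs)}
    if dtype == 3:  # DUID-LL: hardware type, link-layer address, no timestamp
        return {"type": "LL", "hw": field, "lladdr": raw[4:].hex(":"), "time": None}
    # DUID-EN (2) and DUID-UUID (4) carry no link-layer address at all
    return {"type": f"other({dtype})", "hw": None, "lladdr": None, "time": None}

def duids_sharing_hardware(hex_duids):
    """Return {link-layer address: [DUIDs]} for addresses seen under more than one DUID."""
    groups = {}
    for duid in hex_duids:
        lladdr = parse_duid(duid)["lladdr"]
        if lladdr:
            groups.setdefault(lladdr, []).append(duid)
    return {mac: ds for mac, ds in groups.items() if len(ds) > 1}

# Constructed sample identifiers, as they might appear in a DHCPv6 lease file.
SAMPLE_DUIDS = [
    "00:01:00:01:1a:c5:3f:80:00:16:3e:12:34:56",  # DUID-LLT from first OS install
    "00:01:00:01:1a:c6:91:00:00:16:3e:12:34:56",  # same NIC after a reinstall
    "00:03:00:01:00:16:3e:aa:bb:cc",              # DUID-LL on a different NIC
    "00:02:00:00:ab:11:de:ad:be:ef",              # DUID-EN: opaque vendor identifier
]

if __name__ == "__main__":
    for mac, duids in duids_sharing_hardware(SAMPLE_DUIDS).items():
        print(f"{mac} has presented {len(duids)} different DUIDs:")
        for duid in duids:
            print(f"  {duid}  generated {parse_duid(duid)['time']:%Y-%m-%d %H:%M} UTC")
```

The embedded address is only a correlation hint for lease and asset records: the DHCPv6 specification tells servers to treat the DUID as opaque, and a host may build it from any of its interfaces.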

