RE: IPv6 Deployment for the LAN

["TJ" <trejrco () gmail com>]

"Because RA assumes that all routers are created equal.
Because RA is harder to filter.
Because the bifercated approach to giving a host router/mask information and
address information creates a number of unnecessary new security concerns."

Off the top of my head, the easiest answers are:
Default Router Preference, well supported on hosts and routers, doesn't
cover 100% of every corner case, but then again - nothing does :)
RA Guard - push vendors to implement  (otherwise, other
monitoring/preventative measures are available - but 3rd party)
And I still think the router is in a (much) better position to inform hosts
about the router's and link's information than some server three hops --->
that way.


/TJ
-----Original Message-----
From: Owen DeLong [mailto:owen () delong com] 
Sent: Sunday, October 18, 2009 8:11 AM
To: Nathan Ward
Cc: NANOG
Subject: Re: IPv6 Deployment for the LAN


On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:

> On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
>
> > On 18 Oct 2009, at 09:29, Nathan Ward wrote:
> >
> > > RA is needed to tell a host to use DHCPv6
> >
> > This is not ideal.
>
> Why?
> Remember RA does not mean SLAAC, it just means RA.
>
> --
> Nathan Ward

Because RA assumes that all routers are created equal.
Because RA is harder to filter.
Because the bifercated approach to giving a host router/mask  
information and address information
        creates a number of unnecessary new security concerns.
        
I think those are the top 3.  I can't think of the rest of the list  
off the top of my head as my
brain still thinks it's 5 AM.

Owen