nanog mailing list archives
RE: IPv6 Deployment for the LAN
From: "TJ" <trejrco () gmail com>
Date: Sun, 18 Oct 2009 08:27:01 -0400
"Because RA assumes that all routers are created equal. Because RA is harder to filter. Because the bifercated approach to giving a host router/mask information and address information creates a number of unnecessary new security concerns." Off the top of my head, the easiest answers are: Default Router Preference, well supported on hosts and routers, doesn't cover 100% of every corner case, but then again - nothing does :) RA Guard - push vendors to implement (otherwise, other monitoring/preventative measures are available - but 3rd party) And I still think the router is in a (much) better position to inform hosts about the router's and link's information than some server three hops ---> that way. /TJ -----Original Message----- From: Owen DeLong [mailto:owen () delong com] Sent: Sunday, October 18, 2009 8:11 AM To: Nathan Ward Cc: NANOG Subject: Re: IPv6 Deployment for the LAN On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
On 18/10/2009, at 11:02 PM, Andy Davidson wrote:On 18 Oct 2009, at 09:29, Nathan Ward wrote:RA is needed to tell a host to use DHCPv6This is not ideal.Why? Remember RA does not mean SLAAC, it just means RA. -- Nathan Ward
Because RA assumes that all routers are created equal. Because RA is harder to filter. Because the bifercated approach to giving a host router/mask information and address information creates a number of unnecessary new security concerns. I think those are the top 3. I can't think of the rest of the list off the top of my head as my brain still thinks it's 5 AM. Owen
Current thread:
- Re: IPv6 Deployment for the LAN, (continued)
- Re: IPv6 Deployment for the LAN Clue Store (Oct 17)
- Re: IPv6 Deployment for the LAN Andy Davidson (Oct 18)
- Re: IPv6 Deployment for the LAN Mark Smith (Oct 18)
- Re: IPv6 Deployment for the LAN Nathan Ward (Oct 18)
- Re: IPv6 Deployment for the LAN Chuck Anderson (Oct 18)
- Re: IPv6 Deployment for the LAN Nathan Ward (Oct 18)
- RE: IPv6 Deployment for the LAN TJ (Oct 18)
- Re: IPv6 Deployment for the LAN Mark Smith (Oct 18)
- Re: IPv6 Deployment for the LAN Andy Davidson (Oct 18)
- Re: IPv6 Deployment for the LAN Nathan Ward (Oct 18)
- Re: IPv6 Deployment for the LAN Owen DeLong (Oct 18)
- RE: IPv6 Deployment for the LAN TJ (Oct 18)
- Re: IPv6 Deployment for the LAN Nathan Ward (Oct 18)
- Re: IPv6 Deployment for the LAN Kevin Loch (Oct 18)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Ray Soucy (Oct 18)
- RE: {SPAM?} Re: IPv6 Deployment for the LAN TJ (Oct 18)
- Re: {SPAM?} Re: IPv6 Deployment for the LAN Ray Soucy (Oct 18)
- RE: IPv6 Deployment for the LAN TJ (Oct 18)
- Re: IPv6 Deployment for the LAN Kevin Loch (Oct 18)
- Re: IPv6 Deployment for the LAN Chuck Anderson (Oct 18)
- Re: IPv6 Deployment for the LAN Nick Hilliard (Oct 18)
- RE: IPv6 Deployment for the LAN TJ (Oct 18)