nanog mailing list archives

Re: IPv6 Deployment for the LAN


From: Owen DeLong <owen () delong com>
Date: Thu, 22 Oct 2009 04:52:10 -0700


On Oct 22, 2009, at 2:40 AM, Iljitsch van Beijnum wrote:

On 21 Oct 2009, at 22:48, Owen DeLong wrote:

The assumption that the router "knows" it is correct for every host on a given
LAN simply does not map to reality deployed today.

What I'm saying is that a router knows whether it's a router or not. A DHCP server does not, so it has to make a leap of faith and then sometimes the hosts fall flat on their face if there's no router on the address indicated by the DHCP server. The counter-argument is "it works today" but my counter-counter-argument is "it doesn't work today". I get burned by broken DHCP setups _all_ _the_ _time_ at work, at IETF meetings, at RIPE meetings, etc.

And what I'm saying is that knowing you are a router is not sufficient. A badly configured router will mess things up just as badly as a badly configured DHCP server.

Anyone claiming that having a DHCP server direct hosts to a router address in the blind is simply incompetent, so there is no point in listening to them.

The arrogance is just astounding.

If, on the other hand, the REAL desire is to have a DHCP server break the tie in the selection between several routers that advertise their presence, that wouldn't be unreasonable.

The real desire is to have the ability for the group that administers hosts to retain authority over host configuration. Often, in the real world, this is not the same group as the group that manages the routers. There are many different reasons that some organizations consider this important. Strangely, despite your claim that all of these people are incompetent, their IPv4 networks continue to operate just fine.

Please explain to me how I can achieve this functionality in RA/SLAAC
or stop pushing to prevent it from being available in DHCPv6.

There is no requirement that the IETF provides all functionality that someone can think up. The list of desired functionality is infinite, and much on that list is a bad idea and/or can be achieved in different ways.

Sure, but, if we want people to accept IPv6, then, it needs to, at a bare minimum, provide feature parity with IPv4 in addition to at least the advantage of a larger address space. If it contains additional features, that's great. So far, it falls short at least in this area.

Hoping not to open an additional can of worms, but, I do limit this to FEATURE parity, so, for example, bugs like NAT do not need to be replicated. Stateful inspection and stateful inspection firewalls that fail closed are needed, but, the protocol gives us everything we need to make that work, it's a software development issue at this point. NAT is strictly a kludge on top of stateful inspection which automatically fails closed and thus has gained the illusion of being a security tool in IPv4 because many people cannot distinguish the two.

Seriously, we're all adults. So treating us like children and taking away
the power tools is not appreciated.

Stop trying to break the internet and I'll treat you like an adult.


And now, even more astounding arrogance.

No one is trying to break the internet. People are, on the other hand, insisting that they retain certain capabilities to administer their own networks in the way THEY consider best, regardless of your arrogant idea of how they SHOULD administer their networks. Since their networks are working today in the manner they describe in IPv4, I can not accept your argument that their networks are broken. Further, the idea that it is possible to "break the internet" by giving administrators the option to assign router information from a DHCP server is simply absurd.

Owen


