Re: The stupidity of trying to "fix" DHCPv6

[Iljitsch van Beijnum <iljitsch () muada com>]

On 10 jun 2011, at 12:10, sthaug () nethelp no wrote:

> > So where do I point out the stupidity of trying to fix this non-brokenness?

> Several large operators have said, repeatedly, that they want to use
> DHCPv6 without RA. I disagree that this is stupid.

It is a mistake to want this, because having the router tell you who the router is gives you fait sharing so less 
breakage. It's also unnecessary because you still need cooperation from your switches to be safe from rogue DHCPv6 
servers even if you go visit all your hosts and turn off stateless autoconfig in an effort to thwart rogue RAs.

But it's stupid to want to change DHCPv6 just now the last major OS is about to start supporting it. That continues the 
current situation where anyone who isn't happy with autoconfig-only can't make a configuration that works will all 
major OSes.

> We're planning to use DHCPv6 and RA (with no prefixes, only for the
> link local next hop). This is more complex than using DHCPv6 alone,
> without RA, would be.

It is. It's also more robust. And doing this is less complex than trying to change DHCPv6 so you get to use a less 
complex system in the future after a complex transition.