nanog mailing list archives

Re: The stupidity of trying to "fix" DHCPv6


From: Tim Chown <tjc () ecs soton ac uk>
Date: Fri, 10 Jun 2011 11:40:58 +0100


On 10 Jun 2011, at 11:20, Iljitsch van Beijnum wrote:

On 10 jun 2011, at 12:10, sthaug () nethelp no wrote:

So where do I point out the stupidity of trying to fix this non-brokenness?

Several large operators have said, repeatedly, that they want to use
DHCPv6 without RA. I disagree that this is stupid.

It is a mistake to want this, because having the router tell you who the router is gives you fate sharing so less 
breakage. It's also unnecessary because you still need cooperation from your switches to be safe from rogue DHCPv6 
servers even if you go visit all your hosts and turn off stateless autoconfig in an effort to thwart rogue RAs.

But it's stupid to want to change DHCPv6 just now that the last major OS is about to start supporting it. That continues 
the current situation where anyone who isn't happy with autoconfig-only can't make a configuration that works with 
all major OSes.

Well, remember that, from Google's estimate, only 0.3% of the access networks are IPv6 capable, so there's still 99.7% 
to deploy.  But yes, any changes to add features a la draft-droms-dhc-dhcpv6-default-router-00 would take time, and 
support in the IETF seems minimal.

We're planning to use DHCPv6 and RA (with no prefixes, only for the
link local next hop). This is more complex than using DHCPv6 alone,
without RA, would be.

It is. It's also more robust. And doing this is less complex than trying to change DHCPv6 so you get to use a less 
complex system in the future after a complex transition.

The focus right now should be on getting the existing RA+DHCPv6 to work as intended, and to validate the model within 
the 0.3% base.  I don't buy that a transition from RA+DHCP to DHCP-only is particularly complex though.  Turn off the 
RAs and let DHCP do its (extra) things.  However, you'd then need to know that every device you want to network 
supports that new DHCP-only operation, and that will be some time off, if it happens at all.

Standing back a little, I can see an argument that IPv6 would be an easier 'sell' if there were two modes of operation, 
one with only RAs, and one with only DHCPv6.

Tim


