nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The stupidity of trying to "fix" DHCPv6

From: "Ricky Beam" <jfbeam () gmail com>
Date: Fri, 10 Jun 2011 16:24:58 -0400
On Fri, 10 Jun 2011 09:47:44 -0400, Leo Bicknell <bicknell () ufp org> wrote:

The point is, RA's are operationally fragile and DHCP is operationally
robust.
No. Both are just as fragile... if you haven't taken steps to protect them. If you aren't doing any sort of DHCP snooping, anyone can setup a rogue DHCP server and kill your network -- been there, laughed at them. Even my *home* lan has DHCP snooping configured.
The only question is support for "RA Guard" in your network hardware. A lot of old gear isn't going to support it. But DHCP was no different. 

--Ricky
PS: Don't read into this... I hate SLAAC and RA, more than most people. (it's been a bad idea from day one.)
Previous By Date Next
Previous By Thread Next

Current thread: