nanog mailing list archives

Re: The stupidity of trying to "fix" DHCPv6


From: "Matthew Reath" <matt () mattreath com>
Date: Fri, 10 Jun 2011 22:36:40 -0500


> This is "different types of networks and network users" and also different
> operational, administrative, and security domains.

> I am also getting frustrated with the endless discussions that could be
> immediately shortened by "tinkering with DHCP" to add one or two
> additional options -- a minimal cost process.  Why is the argument not
> about business needs instead of technical purity?


I'd have to agree with this. From a technical standpoint, RA Guard
would be a plausible solution to the rogue RA problem. However, the bigger
issue seems to be the mixing of what used to be managed by different
groups. Now you have IP transport folks implementing parameters sent to
client machines or routers. Less than ideal, probably.

What are the current options for a company to disable RA messages,
implement RA Guard, and force clients/routers to use DHCPv6 or static
assignment for IPv6 addresses? I believe ignoring M and O bits would break
the standard though - but what if they never get sent?

I know on Cisco you can suppress the RA, but I'm not sure if you can force
most clients to make DHCPv6 requests instead of listening for RAs.


--
Matt Reath
CCIE #27316 (SP)
matt () mattreath com | http://mattreath.com
Twitter: http://twitter.com/mpreath


