IPv6 Deployment for the LAN
On Sun, 18 Oct 2009 09:03:12 +0100
Andy Davidson <andy at nosignal.org> wrote:
>
> On 18 Oct 2009, at 01:55, Ray Soucy wrote:
> > The only solution that lets us expand our rollout of IPv6 to the edge
> > without major changes to the production IPv4 network seems to point
> > to making use of DHCPv6, so the effort has been focused there.
> [...]
> > Needless to say, the thought of being able to enable IPv6 on a per-
> > host basis is met with far less resistance than opening up the
> > floodgates and letting SLAAC take control.
>
> Hi, Roy --
>
> Good summary, thanks for the write-up.
>
> I reluctantly just use SLAAC on our own office LANs because we're
> still quite a small and nimble team, therefore we can secure our
> network against our SLAAC security concerns by locking down access to
> the network. I realise this isn't going to work for everyone, as it
> doesn't fit well for the security needs of your much larger campus
> network. It also doesn't work for some of our customers who have DHCP
> in their toolbox for provisioning certain hosting environments.
>
> DHCPv6 today lacks default-router option support, so you are left with
> some pretty awful choices if you don't want to use the router
> solicitation/advertisement, err, 'features' in SLAAC :
>
I'm curious what the issue is with not having a default-router option
in DHCPv6?
If it's because somebody could start up a rogue router and announce
RAs, I think a rogue DHCPv6 server is (or will be) just as much a
threat, if not more of one - I think it's more likely server OSes will
include DHCPv6 servers than RA "servers".

> - Static route on the device
>     - Actually, you could use the *same* link-local address to keep
>       this the same on all devices on your network, which you continue to
>       support long after a "better" protocol comes along. This reduces your
>       support overhead.
>
> - end user runs some routing protocol
>     - I don't want to give my router the extra work though. And it
>       feels like a stupid idea. And end user OSes don't tend to have them
>       installed.
>
> - Don't roll v6 beyond engineering teams, until something better
>   comes along
>     - Sadly, I think that this is the option people are taking. :-(
>
> I don't know the history of the process that led to DHCPv6 ending up
> crippled, and I have to admit that it's not clear how I signal this
> and to whom, but for the avoidance of doubt: this operator would like
> his tools back please. Support default-routing options for DHCPv6 !
>
> Andy
>
> --
> Regards, Andy Davidson +44 (0)20 7993 1700 www.netsumo.com
> NetSumo Specialist ISP/networks consultancy, Whitelabel 24/7 NOC