IPv6 Deployment for the LAN

[kloch at kl.net (Kevin Loch)]

Nathan Ward wrote:
> 
> On 19/10/2009, at 1:10 AM, Owen DeLong wrote:
> 
>> On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
>>
>>> On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
>>>
>>>> On 18 Oct 2009, at 09:29, Nathan Ward wrote:
>>>>
>>>>> RA is needed to tell a host to use DHCPv6
>>>>
>>>> This is not ideal.
>>>
>>> Why?
>>> Remember RA does not mean SLAAC, it just means RA.
>>
>> Because RA assumes that all routers are created equal.
> 
> RFC4191

In some cases different devices on a segment need a different
default router (for default).  This is the fundamental
problem with RA's, they shotgun the entire segment.

> 
>> Because RA is harder to filter.
> 
> DHCP in IPv4 was hard to filter before vendors implemented it, too.
> 
>> Because the bifercated approach to giving a host router/mask 
>> information and address information
>>     creates a number of unnecessary new security concerns.
> 
> Security concerns would be useful to explore. Can you expand on this?

What would be useful would be having the option to give a default
router to a dhcpv6 client, and having vrrpv6 work without RA's.
Why can't we have those options in our toolbox in addition to
this continuously evolving RA+hacks?

- Kevin