On Sun, 18 Oct 2009 09:03:12 +0100 Andy Davidson <a...@nosignal.org> wrote:
>
> On 18 Oct 2009, at 01:55, Ray Soucy wrote:
>
> > The only solution that lets us expand our roll out IPv6 to the edge
> > without major changes to the production IPv4 network seems to point
> > to making use of DHCPv6, so the effort has been focused there.
> [...]
> > Needless to say, the thought of being able to enable IPv6 on a
> > per-host basis is met with far less resistance than opening up the
> > floodgates and letting SLAAC take control.
>
> Hi, Roy --
>
> Good summary, thanks for the write-up.
>
> I reluctantly just use SLAAC on our own office LANs because, we're
> still quite a small and nimble team, therefore we can secure our
> network against our SLAAC security concerns by locking down access to
> the network. I realise this isn't going to work for everyone, as it
> doesn't fit well for the security needs of your much larger campus
> network. It also doesn't work for some of our customers who have DHCP
> in their toolbox for provisioning certain hosting environments.
>
> DHCPv6 today lacks default-router option support, so you are left with
> some pretty awful choices if you don't want to use the router
> solicitation/advertisement, err, 'features' in SLAAC :
>

I'm curious what the issue is with not having a default-router option
in DHCPv6?

If it's because somebody could start up a rogue router and announce
RAs, I think a rogue DHCPv6 server is (or will be) just as much a
threat, if not more of one - I think it's more likely server OSes will
include DHCPv6 servers than RA "servers".

> - Static route on the device
>   - Actually, you could use the *same* link-local address to keep
>     this the same on all devices on your network, which you continue to
>     support long after a "better" protocol comes along. This reduces your
>     support overhead.
>
> - end user runs some routing protocol
>   - I don't want to give my router the extra work though. And it
>     feels like a stupid idea. And end user OSes don't tend to have them
>     installed.
>
> - Don't roll v6 beyond engineering teams, until something better
>   comes along
>   - Sadly, I think that this is the option people are taking. :-(
>
> I don't know the history of the process that led to DHCPv6 ending up
> crippled, and I have to admit that it's not clear how I signal this
> and to whom, but for the avoidance of doubt: this operator would like
> his tools back please. Support default-routing options for DHCPv6 !
>
> Andy
>
> --
> Regards, Andy Davidson +44 (0)20 7993 1700 www.netsumo.com
> NetSumo Specialist ISP/networks consultancy, Whitelabel 24/7 NOC