"> RA is needed to tell a host to use DHCPv6
This is not ideal."
That is entirely a matter of opinion, and one frequently debated still.
FWLIW - I think RAs are a perfectly fine way to distribute information about
the router itself, and to provide hints about the environment (e.g. - "Yes,
we do Stateful DHCPv6 here ("+M", and "+O' as well" ...)
/TJ
-----Original Message-----
From: Andy Davidson [mailto:a...@nosignal.org]
Sent: Sunday, October 18, 2009 6:02 AM
To: NANOG list
Subject: Re: IPv6 Deployment for the LAN
On 18 Oct 2009, at 09:22, Mark Smith wrote:
> If it's because somebody could start up a rogue router and announce
> RAs, I think a rogue DHCPv6 server is (or will be) just as much a
> threat, if not more of one - I think it's more likely server OSes
> will include DHCPv6 servers than RA "servers".
Disagree - rogue offers affect people without a lease, so the impact
of an attack is not immediate. Filtering DHCP on v4 is well
understood, an update to current operational practice rather than a
new system.
On 18 Oct 2009, at 09:29, Nathan Ward wrote:
> RA is needed to tell a host to use DHCPv6
This is not ideal.
Andy
