"Because RA assumes that all routers are created equal. Because RA is harder to filter. Because the bifercated approach to giving a host router/mask information and address information creates a number of unnecessary new security concerns."
Off the top of my head, the easiest answers are: Default Router Preference, well supported on hosts and routers, doesn't cover 100% of every corner case, but then again - nothing does :) RA Guard - push vendors to implement (otherwise, other monitoring/preventative measures are available - but 3rd party) And I still think the router is in a (much) better position to inform hosts about the router's and link's information than some server three hops ---> that way. /TJ -----Original Message----- From: Owen DeLong [mailto:o...@delong.com] Sent: Sunday, October 18, 2009 8:11 AM To: Nathan Ward Cc: NANOG Subject: Re: IPv6 Deployment for the LAN On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote: > On 18/10/2009, at 11:02 PM, Andy Davidson wrote: > >> On 18 Oct 2009, at 09:29, Nathan Ward wrote: >> >>> RA is needed to tell a host to use DHCPv6 >> >> This is not ideal. > > Why? > Remember RA does not mean SLAAC, it just means RA. > > -- > Nathan Ward Because RA assumes that all routers are created equal. Because RA is harder to filter. Because the bifercated approach to giving a host router/mask information and address information creates a number of unnecessary new security concerns. I think those are the top 3. I can't think of the rest of the list off the top of my head as my brain still thinks it's 5 AM. Owen
