Re: IPv6 Deployment for the LAN

2009-10-18 Thread Andy Davidson
On 18 Oct 2009, at 01:55, Ray Soucy wrote: The only solution that lets us expand our roll out IPv6 to the edge without major changes to the production IPv4 network seems to point to making use of DHCPv6, so the effort has been focused there. [...] Needless to say, the thought of being able t

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Mark Smith
On Sun, 18 Oct 2009 09:03:12 +0100 Andy Davidson wrote: > > On 18 Oct 2009, at 01:55, Ray Soucy wrote: > > The only solution that lets us expand our roll out IPv6 to the edge > > without major changes to the production IPv4 network seems to point > > to making use of DHCPv6, so the effort ha

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Nathan Ward
On 18/10/2009, at 9:03 PM, Andy Davidson wrote: I don't know the history of the process that led to DHCPv6 ending up crippled, and I have to admit that it's not clear how I signal this and to whom, but for the avoidance of doubt: this operator would like his tools back please. Support defa

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Nathan Ward
On 18/10/2009, at 9:22 PM, Mark Smith wrote: I'm curious what the issue is with not having a default-router option in DHCPv6? This mechanism is provided by RA. RA is needed to tell a host to use DHCPv6, so RA is going to be there whenever you have DHCPv6. There's no point putting a default r

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Chuck Anderson
On Sun, Oct 18, 2009 at 09:29:41PM +1300, Nathan Ward wrote: > Perhaps, but if you're operating a LAN segment you're going to want to > filter rogue RA and DHCPv6 messages from your network, just like you do > with DHCP in IPv4. > Filtering RA and DHCPv6 are done in very similar ways. Unfortuna

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Nathan Ward
On 18/10/2009, at 9:52 PM, Chuck Anderson wrote: On Sun, Oct 18, 2009 at 09:29:41PM +1300, Nathan Ward wrote: Perhaps, but if you're operating a LAN segment you're going to want to filter rogue RA and DHCPv6 messages from your network, just like you do with DHCP in IPv4. Filtering RA and DH

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Andy Davidson
On 18 Oct 2009, at 09:22, Mark Smith wrote: If it's because somebody could start up a rogue router and announce RAs, I think a rogue DHCPv6 server is (or will be) just as much a threat, if not more of one - I think it's more likely server OSes will include DHCPv6 servers than RA "servers".

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Nathan Ward
On 18/10/2009, at 11:02 PM, Andy Davidson wrote: On 18 Oct 2009, at 09:29, Nathan Ward wrote: RA is needed to tell a host to use DHCPv6 This is not ideal. Why? Remember RA does not mean SLAAC, it just means RA. -- Nathan Ward

RE: IPv6 Deployment for the LAN

2009-10-18 Thread TJ
"This is a real problem even for people who are not using IPv6 right now and have no desire to use IPv6 yet, because Rogue RAs will redirect all IPv6 traffic to a rogue box on the LAN" Answer = "RA Guard" - push your vendor-of-choice to implement it :). /TJ -Original Message- From: C

RE: IPv6 Deployment for the LAN

2009-10-18 Thread TJ
"> RA is needed to tell a host to use DHCPv6 This is not ideal." That is entirely a matter of opinion, and one frequently debated still. FWLIW - I think RAs are a perfectly fine way to distribute information about the router itself, and to provide hints about the environment (e.g. - "Yes, we do S

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Owen DeLong
On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote: On 18/10/2009, at 11:02 PM, Andy Davidson wrote: On 18 Oct 2009, at 09:29, Nathan Ward wrote: RA is needed to tell a host to use DHCPv6 This is not ideal. Why? Remember RA does not mean SLAAC, it just means RA. -- Nathan Ward Because RA

RE: IPv6 Deployment for the LAN

2009-10-18 Thread TJ
"Because RA assumes that all routers are created equal. Because RA is harder to filter. Because the bifurcated approach to giving a host router/mask information and address information creates a number of unnecessary new security concerns." Off the top of my head, the easiest answers are: Default

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Nathan Ward
On 19/10/2009, at 1:10 AM, Owen DeLong wrote: On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote: On 18/10/2009, at 11:02 PM, Andy Davidson wrote: On 18 Oct 2009, at 09:29, Nathan Ward wrote: RA is needed to tell a host to use DHCPv6 This is not ideal. Why? Remember RA does not mean SLAAC

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Kevin Loch
Nathan Ward wrote: On 19/10/2009, at 1:10 AM, Owen DeLong wrote: On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote: On 18/10/2009, at 11:02 PM, Andy Davidson wrote: On 18 Oct 2009, at 09:29, Nathan Ward wrote: RA is needed to tell a host to use DHCPv6 This is not ideal. Why? Remember RA

Re: {SPAM?} Re: IPv6 Deployment for the LAN

2009-10-18 Thread Ray Soucy
I generally agree with the design of RA and using DHCPv6 as a supplement to it. The problems here seem to be more along the lines of implementation in clients. I suspect it will take some time for the dust to settle and vendors to get their act together. I notice that Cisco has a "prefix no-auto

OT: Any PALM e-mail administrators

2009-10-18 Thread Keith Medcalf
I have tried contacting PALM through their listed contact phone numbers and by email to their postmaster, all to no avail. I am having problems with their SMTP servers being unable to communicate with my domain configured SMTP server using Mxed addressing (ie, to kmedc...@dessus.com) although s

RE: IPv6 Deployment for the LAN

2009-10-18 Thread TJ
> In some cases different devices on a segment need a different > default router (for default). This is the fundamental This capability is also defined, "more specific routes" - but no one encouraged any vendors that I know of to support it - so they don't. Big demand? > problem with RA's, the

RE: {SPAM?} Re: IPv6 Deployment for the LAN

2009-10-18 Thread TJ
> I notice that Cisco has a "prefix no-autoconfig" statement in some Yes, advertise it as on-link but not suitable for autoconfig. You would want to do this (along with the M & O bits) for a stateful-DHCPv6 segment ... > From what I've been told, Cisco is actively working on RA-guard for > t

Re: {SPAM?} Re: IPv6 Deployment for the LAN

2009-10-18 Thread Ray Soucy
> And not just Cisco, IIRC it is an open standard anyone can implement ... ? Here is the work being done on RA-Guard: http://tools.ietf.org/html/draft-ietf-v6ops-ra-guard-03 -- Ray Soucy Communications Specialist +1 (207) 561-3526 Communications and Network Services University of Maine Syste

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Nick Hilliard
On 18/10/2009 11:05, Nathan Ward wrote: Remember RA does not mean SLAAC, it just means RA. This is not ideal because two protocols are being mandated instead of just one: RA for client-side autoconfiguration and DHCPv6 for everything else. This is pointless. We have a good working model in

[NANOG-announce] NANOG47 Reminders

2009-10-18 Thread Betty Burke
Hi Everyone: On behalf of Merit, the NANOG SC, PC and MLC we remind you to take advantage of the 2009 Election process. The 2009 SC and Charter amendments Elections are now open, and will remain open until closing at 09:15 EDT on Wednesday, 10-21-09. The Ballot is linked from http://nanog.or

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Kevin Loch
TJ wrote: In some cases different devices on a segment need a different default router (for default). This is the fundamental This capability is also defined, "more specific routes" - but no one encouraged any vendors that I know of to support it - so they don't. Big demand? by "Default" I

RE: IPv6 Deployment for the LAN

2009-10-18 Thread TJ
> > Remember RA does not mean SLAAC, it just means RA. > > This is not ideal because two protocols are being mandated instead of > just > one: RA for client-side autoconfiguration and DHCPv6 for everything > else. Um, DHCPv6 does configure the client - perhaps not until the +M or +O option is rec

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Ray Soucy
Thought this off-list reply would be of interest to many here: On Sun, Oct 18, 2009 at 1:43 PM, Daniel G. Kluge wrote: > Hello Ray, > on the Subject on DHCPv6 for MacOS, there were some discussions on the > IPv6-dev lists on Apple, with the usual comment from Apple engineers, that > they are not

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Matthew Kaufman
TJ wrote: It is still the router, a piece of managed infrastructure sending out the information - not like we are encouraging hosts to make up their own prefix info here ... and hosts choosing the low-order bits shouldn't matter that much. But that's the fatal flaw of autoconfiguration. "Hosts

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Steven Bellovin
On Oct 17, 2009, at 8:55 PM, Ray Soucy wrote: Looking for general feedback on IPv6 deployment to the edge. As it turns out delivering IPv6 to the edge in an academic setting has been a challenge. Common wisdom says to rely on SLAAC for IPv6 addressing, and in a perfect world it would make sen

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Ray Soucy
Thanks for the response, if only to force me to put my thoughts down into words. On Sun, Oct 18, 2009 at 4:28 PM, Steven Bellovin wrote: > ... > > My question is this: what are your goals? What are you trying to achieve? > Force all authorized machines to register? If so, why? We'll leave out >

2009.10.18 NANOG47 Community Meeting notes

2009-10-18 Thread Matthew Petach
Here's my notes from tonight's Community Meeting from NANOG47. Short and sweet, for those who couldn't attend in person. :) Matt 2009.10.18 NANOG 47 community meeting notes NOTES: Joe Provo calls the meeting to order at 1740 hours Eastern Time. Welcome to Dearborn, haven't been here since N

Re: OT: Any PALM e-mail administrators

2009-10-18 Thread Gary E. Miller
Yo Keith! On Sun, 18 Oct 2009, Keith Medcalf wrote: > I have tried contacting PALM through their listed contact phone > numbers and by email to their postmaster, all to no avail. Contact me off list. I have been working this problem for over a mont

Re: IPv6 Deployment for the LAN

2009-10-18 Thread Chuck Anderson
On Sun, Oct 18, 2009 at 01:29:54PM -0400, TJ wrote: > You say hacks, others see it as relatively-speaking simple additions of more > functionality. > You can define any options you want for DHCPv6, write a draft and get > community support. > I don't see how that ("continuously evolving DHCPv6 hack