Nathan Ward wrote:
On 19/10/2009, at 1:10 AM, Owen DeLong wrote:
On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
On 18 Oct 2009, at 09:29, Nathan Ward wrote:
RA is needed to tell a host to use DHCPv6
This is not ideal.
Why? Remember RA does not mean SLAAC, it just means RA.
Because RA assumes that all routers are created equal.
RFC4191
In some cases different devices on a segment need a different default router (for default). This is the fundamental problem with RA's, they shotgun the entire segment.
Because RA is harder to filter.
DHCP in IPv4 was hard to filter before vendors implemented it, too.
Because the bifercated approach to giving a host router/mask information and address information creates a number of unnecessary new security concerns.
Security concerns would be useful to explore. Can you expand on this?
What would be useful would be having the option to give a default router to a dhcpv6 client, and having vrrpv6 work without RA's. Why can't we have those options in our toolbox in addition to this continuously evolving RA+hacks? - Kevin