On 19/02/2009, at 10:07 AM, Leo Bicknell wrote:
In a message written on Thu, Feb 19, 2009 at 10:00:48AM +1300, Nathan Ward wrote:
The point I am making is that the solution is still the same - filtering in ethernet devices.
No.
I agree that in some environments DHCPv4/DHCPv6/RA filtering are going to be a requirement. If I was running the NANOG network, or a campus network for college students I would insist on such.
However, there are many environments where that is not a justified expense. At home I have a dumb, unmanaged switch which serves my family just fine. I'd rather like it that if I plug in an unconfigured router to configure it for something that it not take my wife offline. The DHCPv4 model works great for this, there are no issues and I don't need a managed switch.
Perhaps, and I am thinking out loud here, "SOHO" switches could include code to allow RA messages only from their "uplink" port, and wireless APs only from their "Ethernet" port. That doesn't require full understanding of IPv6, it would be trivial to code matching about 6 different bytes. Maybe throw a physical switch labelled "Router this way" on the side of the box just like the "crossover" toggle switches. Sure, this would not work for every situation, but it would do fine for a large number of home networking environments. Also perhaps the DHCPv6 thing I talked about in my message I just sent - the ignore RA option.
IPv6 takes that option away from me. My only option is an expensive upgrade to the switch and a bunch of manual configuration.
DHCPv6 needs to be fixed before it is deployed. Dependence on RAs needs to be removed, and a standard option for a default route needs to be added.
It will be good to see your support in IETF for drafts that are proposing this!
-- Nathan Ward
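The "RA only from the uplink port" idea floated in this message, sketched in C as an added example that is not code from the thread or from any switch vendor. The function names and port numbers are hypothetical and the sample frame is constructed; the sketch goes one step beyond a fixed-offset byte match by walking IPv6 extension headers, because an RA placed behind one does not sit at the fixed offset.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { FORWARD, DROP };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Verdict for one Ethernet frame received on ingress_port. Only the uplink
 * may source Router Advertisements (ICMPv6 type 134). */
enum verdict ra_filter(const uint8_t *f, size_t len, int ingress_port, int uplink_port)
{
    size_t off = 12;                          /* EtherType follows the two MACs */
    if (ingress_port == uplink_port || len < 14) return FORWARD;
    if (be16(f + off) == 0x8100) off += 4;    /* skip one 802.1Q tag */
    if (len < off + 2 || be16(f + off) != 0x86DD) return FORWARD; /* not IPv6 */
    off += 2;
    if (len < off + 40) return DROP;          /* truncated IPv6 header */
    uint8_t nh = f[off + 6];                  /* Next Header field */
    off += 40;
    for (int hops = 0; hops < 8; hops++) {    /* bounded extension-header walk */
        if (nh == 58)                         /* ICMPv6: test the type byte */
            return (len > off && f[off] == 134) ? DROP : FORWARD;
        if (nh != 0 && nh != 43 && nh != 44 && nh != 60)
            return FORWARD;                   /* other protocols pass unexamined */
        if (len < off + 8) return DROP;       /* chain runs off the frame */
        if (nh == 44 && (be16(f + off + 2) & 0xFFF8)) return FORWARD; /* later fragment */
        size_t hlen = (nh == 44) ? 8 : ((size_t)f[off + 1] + 1) * 8;
        nh = f[off];
        off += hlen;
    }
    return DROP;                              /* chain too long to classify */
}

/* Constructed sample frame: zeroed addresses, optional 8-byte Hop-by-Hop
 * header before the ICMPv6 message. buf must hold 78 bytes. */
size_t make_sample(uint8_t *buf, int with_hbh, uint8_t icmp_type)
{
    size_t off = 54;                          /* 14 Ethernet + 40 IPv6 */
    memset(buf, 0, 78);
    buf[12] = 0x86; buf[13] = 0xDD;           /* EtherType IPv6 */
    buf[14] = 0x60;                           /* IP version 6 */
    buf[20] = with_hbh ? 0 : 58;              /* Next Header */
    if (with_hbh) { buf[54] = 58; off = 62; } /* HBH header points at ICMPv6 */
    buf[off] = icmp_type;
    return off + 16;                          /* 16-byte ICMPv6 body */
}

int main(void) {
    uint8_t b[78]; size_t n = make_sample(b, 1, 134);
    printf("RA behind Hop-by-Hop on host port 2: %s\n", ra_filter(b, n, 2, 1) ? "DROP" : "FORWARD");
    return 0; }
```

In the Hop-by-Hop sample, byte 54 holds 58 rather than 134, so a match on the fixed offsets alone would forward that RA.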