On 01/03/2014 04:01 AM, Baldur Norddahl wrote:
On Fri, Jan 3, 2014 at 10:24 AM, Doug Barton <dougb@dougbarton.us> wrote:
And you still haven't provided an argument about why the default route should not be added to DHCPv6.
I was not arguing that it didn't. Just that the perceived problem is not real.
Your opinion is that rogue RAs are not a problem. I, and others, disagree with you on that; but since that's not really the problem I'm trying to solve we can agree to disagree. What I (and many, many others) have been saying for over a decade is that we need to have parity with DHCPv4 in DHCPv6 in order to allow organizations that like and use DHCP to use that as their exclusive method of configuring IPv6 clients. Often this is to match existing administrative boundaries, sometimes it's just a preference (one could even say prejudice) against SLAAC/RA, but regardless, that's what is needed.
However, I might be inclined to believe that default route in DHCPv6 is a bad idea. It is a confusing concept,
It's not confusing in any way. It matches the well known mechanism already in widespread use in DHCPv4.
since we already have no less than three methods (*) to discover default route and you want to add a fourth.
The first 2 you mention are rarely used, and not even implemented in many, if not most clients. However the fact that there are so many ways to do it in IPv6 now is an example of the "Anything but DHCP!" mindset of the early IPng architects.
This would be something that needs to be implemented in every client, and thus will not really be usable for at least a decade.
Organizations that want this are prepared to do the work of making sure that their clients are upgraded, or wait to deploy IPv6 until it's available. For most existing organizations there is no urgency to deploy IPv6, their current infrastructure works for them. For those new organizations forced to deploy IPv6 they will be able to deploy new software that handles this option. ... and of course, the sooner we do it, the sooner it will be widely available.
By then everyone is used to RA.
It's been over a decade already, and not only have the security problems with RA not yet been solved in a robust way, people are not only not yet used to it, they are actively opposing it. Your optimism, while admirable, is misplaced here.
If you did add default route to DHCPv6, what is then supposed to happen to the other routes, that the client might discover?
You would configure the client not to do RS, and to ignore any RAs that it receives. Simple.
(*) prefix::, fe80:: and the one you get from RA.
Doug