In a message written on Fri, Jun 10, 2011 at 09:57:07PM +0200, Iljitsch van Beijnum wrote:
> If only. Having third parties point to routers is less robust than having routers announce their own presence. In the telco world, there's a separation between the control and data channels, which has important security advantages. But the IETF has always favored fate sharing. It makes routing protocols more robust and it makes RA more robust than IPv4 DHCP.
Apparently we don't have a long enough view of history, as history will tell you that this is wrong. You see, we tried the RA experiment once before. Let's go back to the Internet circa 1988, or so. There was a time when it was very common for routers to run RIP. There was a time when Sun systems (in particular, other vendors did the same) shipped with routed enabled by default. Many of these systems learned their default gateway by listening to these RIP announcements. The funny thing is, no one does this anymore. We turned off RIP, turned off routed, and invented things like HSRP to handle router redundancy. These things weren't done because someone was bored, no, they were done because these RIP deployments failed, repeatedly and often. Any device could broadcast bad information, and they did. It could be a legitimate network admin plugging a cable into the wrong jack, or it could be a hacker who rooted a machine and is injecting bad information on purpose.

I submit to you those who designed RAs do not remember those days, and did not study history. The only difference is that RAs only carry a default route, whereas RIP could carry several routes. The security model is identical. The failure modes are largely overlapping. IPv4 also had a similar feature, ICMP router discovery, RFC 1256. Works a little differently than RAs do, but not a lot. Have you ever seen it used? I haven't.

Lest you think the IETF is proud of their RA work, one need look no further than RFC 6104, where they carefully document the problem of rogue RAs and provide a list of solutions. Indeed, my proposed DHCP solution is documented in section 3.10. The IETF seems to think SEND is the solution, but it also requires deploying new software to 100% of all devices in order to be the solution.
> People who don't like this should blame their younger selves who failed to show up at the IETF ten years ago to get this done while DHCPv6 was still clean slate.
I participated until a working group chair told some protocol wonks "Don't listen to him, he's an operator and doesn't understand IPv6 yet." The IETF has a long history of being openly hostile to operators. That was the day I gave up on the IETF.

-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
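The thread's point is that any host on a link can send a Router Advertisement and every neighbor will believe it, and RFC 6104 lists monitoring among the mitigations. The following is an added example, not code from the thread or from any of the RFCs named in it: a small audit tool that parses raw ICMPv6 Router Advertisement payloads (RFC 4861 header, source link-layer address option, prefix information option) and flags advertisements that come from a router not on an operator-maintained allowlist, advertise a prefix not on the allowlist, or are malformed. The sample advertisements, the link-local addresses, MACs and prefixes (2001:db8::/32 documentation space) are all constructed for the example; the ICMPv6 checksum is not verified because that requires the IPv6 pseudo-header, which a capture tool would supply.

```python
import struct
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# RFC 4861 constants
ICMPV6_ROUTER_ADVERT = 134
OPT_SRC_LLADDR = 1      # Source Link-Layer Address option
OPT_PREFIX_INFO = 3     # Prefix Information option


@dataclass
class RouterAdvert:
    src: str                       # IPv6 source (normally link-local) of the packet
    hop_limit: int
    managed: bool                  # M flag: hosts should use DHCPv6 for addresses
    other: bool                    # O flag: hosts should use DHCPv6 for other config
    router_lifetime: int           # seconds; 0 means "not a default router"
    src_mac: Optional[str] = None
    prefixes: list = field(default_factory=list)


def parse_ra(src: str, payload: bytes) -> RouterAdvert:
    """Parse the ICMPv6 payload of a Router Advertisement (header + options)."""
    if len(payload) < 16 or payload[0] != ICMPV6_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    # bytes 0-3: type, code, checksum (checksum not verified here)
    hop_limit, flags, lifetime = struct.unpack_from("!BBH", payload, 4)
    ra = RouterAdvert(src, hop_limit, bool(flags & 0x80), bool(flags & 0x40), lifetime)
    off = 16  # options start after the fixed 16-byte header
    while off + 2 <= len(payload):
        otype, olen = payload[off], payload[off + 1]
        if olen == 0:
            raise ValueError("zero-length option")   # RFC 4861 §4.6: must be discarded
        end = off + olen * 8                         # length is in units of 8 octets
        if end > len(payload):
            raise ValueError("truncated option")
        body = payload[off + 2:end]
        if otype == OPT_SRC_LLADDR and olen == 1:
            ra.src_mac = ":".join(f"{b:02x}" for b in body[:6])
        elif otype == OPT_PREFIX_INFO and olen == 4:
            # body: prefix length(1) flags(1) valid(4) preferred(4) reserved(4) prefix(16)
            plen = body[0]
            prefix = ipaddress.IPv6Address(body[14:30])
            ra.prefixes.append(f"{prefix}/{plen}")
        off = end
    return ra


def audit_ras(advertisements, allowed_routers, allowed_prefixes):
    """Return (source, reason) findings for RAs that deviate from the allowlist."""
    findings = []
    for src, payload in advertisements:
        try:
            ra = parse_ra(src, payload)
        except ValueError as exc:
            findings.append((src, f"malformed RA: {exc}"))
            continue
        if src not in allowed_routers and ra.router_lifetime > 0:
            findings.append((src, f"unexpected default router (lifetime {ra.router_lifetime})"))
        for prefix in ra.prefixes:
            if prefix not in allowed_prefixes:
                findings.append((src, f"unexpected prefix {prefix}"))
    return findings


def build_ra(router_lifetime: int, prefix: str, plen: int, mac: str) -> bytes:
    """Construct a sample RA payload (checksum left as 0) for the demonstration."""
    header = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, router_lifetime, 0, 0)
    lladdr = struct.pack("!BB6s", OPT_SRC_LLADDR, 1, bytes.fromhex(mac.replace(":", "")))
    prefix_opt = struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, plen, 0xC0,
                             2592000, 604800, 0, ipaddress.IPv6Address(prefix).packed)
    return header + lladdr + prefix_opt


def demo():
    """Constructed capture: one legitimate router, one unexpected one, one broken packet."""
    allowed_routers = {"fe80::1"}
    allowed_prefixes = {"2001:db8:1::/64"}
    captured = [
        ("fe80::1", build_ra(1800, "2001:db8:1::", 64, "02:00:00:00:00:01")),
        ("fe80::2", build_ra(1800, "2001:db8:ffff::", 64, "02:00:00:00:00:02")),
        ("fe80::3", build_ra(0, "2001:db8:1::", 64, "02:00:00:00:00:03")[:16] + b"\x03\x00"),
    ]
    return audit_ras(captured, allowed_routers, allowed_prefixes)


if __name__ == "__main__":
    for src, reason in demo():
        print(f"{src}: {reason}")
```

In practice the payloads would come from a packet capture on the segment (with the source address taken from the IPv6 header), and the allowlist from the router inventory; the script itself only reads and classifies, so it is a monitoring control of the kind RFC 6104 discusses, not a replacement for RA guard on the switch.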