I can also take down a network with spanning-tree, but oh wait, we protect against that don't we. Maybe protecting against rogue RA to begin with would be a better idea than waiting until a problem happens. Just saying. On Fri, Jun 10, 2011 at 9:47 AM, Leo Bicknell <bicknell@ufp.org> wrote:
In a message written on Fri, Jun 10, 2011 at 09:37:11AM -0400, Ray Soucy wrote:
You really didn't just write an entire post saying that RA is bad because if a moron of a network engineer plugs an incorrectly configured device into a production network it may cause problems, did you?
No, I posed the easiest way to recreate this issue.
I've seen the entire NANOG and IETF lans taken out because some dork enabled microsoft connecting sharing to their cell card.
I've seen entire corporate networks taken out because someone ran the patch cable to the wrong port.
The point is, RA's are operationally fragile and DHCP is operationally robust. You can choose to stick your head in the sand about that if you want, but it's still true.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
-- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/