IPv6 Deployment for the LAN

Nathan Ward nanog at daork.net
Sun Oct 18 07:39:29 CDT 2009


On 19/10/2009, at 1:10 AM, Owen DeLong wrote:

> On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
>
>> On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
>>
>>> On 18 Oct 2009, at 09:29, Nathan Ward wrote:
>>>
>>>> RA is needed to tell a host to use DHCPv6
>>>
>>> This is not ideal.
>>
>> Why?
>> Remember RA does not mean SLAAC, it just means RA.
>
> Because RA assumes that all routers are created equal.

RFC4191

> Because RA is harder to filter.

DHCP in IPv4 was hard to filter before vendors implemented it, too.

> Because the bifercated approach to giving a host router/mask  
> information and address information
> 	creates a number of unnecessary new security concerns.

Security concerns would be useful to explore. Can you expand on this?

--
Nathan Ward


More information about the NANOG mailing list