The stupidity of trying to "fix" DHCPv6

Leo Bicknell bicknell at ufp.org
Fri Jun 10 15:26:29 UTC 2011


In a message written on Fri, Jun 10, 2011 at 05:13:09PM +0200, Iljitsch van Beijnum wrote:
> Now you could argue that the DHCPv6-supplied gateway addresses should have higher priority than the ones learned from RAs. At least that solves the problem. However, that solution still has two issues:
> 
> 1. No longer the fate sharing that comes from RA-learned gateway addresses

I purport that VRRPv6 is a superior solution to have redundant
gateways than using RAs to broadcast both and let the host choose.

> 2. Old and new hosts may use different gateways on the same network

This problem already exists.  Have IPv4 hosts come up with IPv4,
change the gateway on the server, and let some new hosts come up.

I agree having two different methods to configure a default gateway
is silly.  You can do it in IPv4, broadcast a default route in RIP
and learn one via DHCP.  I'm going to assume operators aren't going
to do such stupid things.

> So my suggestion is: learn gateway addresses from RAs as we do today, but in addition create a DHCPv6 option that contains gateway addresses, and then when a gateway address is in the DHCPv6 list, it gets a higher priority.

I think that would probably be an acceptable solution.  I'm pondering
that off the top of my head, but I don't see any major, crazy flaws.

My guess is that most networks that use DHCPv6 will disable RAs
completely on the routers.  Sure, they can't disable rogue RAs
until more switches support filtering them, but that will happen
over time.

> This should make everyone happy except those so set in their IPv4 ways that they insist on removing RAs. Which is not only a bad idea, but an exercise in futility because of the large number of "legacy IPv6" hosts that need RAs to function and won't go away anytime soon.

You have now hit my greatest frustration on the head.  This problem has
been known and documented for 7-8 years, at least.  I believe the first
time I saw RAs take down a conference network was in 2005.  Proposed
solutions have been floating around almost as long.

We could have solved this before a lot of hosts were deployed.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
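The gateway-selection scheme argued over above, as an added example that is not part of the thread: a host-side default router list in the RFC 4861 style, extended with a hypothetical DHCPv6 gateway option whose entries outrank RA-learned ones. The DHCPv6 option, its lack of a lifetime, and the address-based tie-break (RFC 4861 lets hosts rotate among routers) are assumptions of this model. It reproduces the first objection in the quoted message: a router that dies ages out of the RA list but stays selected if it came from DHCPv6.

```python
from ipaddress import IPv6Address
from typing import Dict, List, Optional, Set


class DefaultRouterList:
    """Host default router list (RFC 4861 section 6.3.4) plus a hypothetical
    DHCPv6-supplied gateway list with higher priority."""

    def __init__(self) -> None:
        self.ra_routers: Dict[IPv6Address, float] = {}   # addr -> expiry time
        self.dhcpv6_routers: Set[IPv6Address] = set()     # no lifetime attached

    def learn_from_ra(self, addr: IPv6Address, router_lifetime: int, now: float) -> None:
        # Router Lifetime 0 means "I am not a default router": drop the entry.
        if router_lifetime == 0:
            self.ra_routers.pop(addr, None)
        else:
            self.ra_routers[addr] = now + router_lifetime

    def learn_from_dhcpv6(self, addrs: List[IPv6Address]) -> None:
        # Hypothetical option: entries live until the lease changes; nothing
        # on the RA path ages them out, which is the fate-sharing loss.
        self.dhcpv6_routers.update(addrs)

    def expire(self, now: float) -> None:
        for addr in [a for a, t in self.ra_routers.items() if t <= now]:
            del self.ra_routers[addr]

    def select(self, now: float, honor_dhcpv6: bool = True) -> Optional[IPv6Address]:
        self.expire(now)
        ranked = []
        if honor_dhcpv6:
            ranked += [(0, int(a), a) for a in self.dhcpv6_routers]
        ranked += [(1, int(a), a) for a in self.ra_routers]
        # Simplification: tie-break on the numeric address so the result is
        # deterministic instead of rotating among equal routers.
        return min(ranked)[2] if ranked else None


def simulate() -> Dict[str, Optional[str]]:
    """Constructed scenario: two routers, then r2 is added via DHCPv6 and
    later stops sending RAs (it has failed)."""
    r1, r2 = IPv6Address("fe80::1"), IPv6Address("fe80::2")
    drl = DefaultRouterList()
    drl.learn_from_ra(r1, 1800, now=0)
    drl.learn_from_ra(r2, 1800, now=0)
    out = {"ra_only": str(drl.select(now=0))}

    drl.learn_from_dhcpv6([r2])
    out["with_dhcpv6"] = str(drl.select(now=0))

    # r1 keeps refreshing; r2 goes silent and its RA entry lapses at t=1800.
    drl.learn_from_ra(r1, 1800, now=1000)
    out["dhcpv6_after_r2_dies"] = str(drl.select(now=2000))
    out["ra_only_after_r2_dies"] = str(drl.select(now=2000, honor_dhcpv6=False))
    return out


if __name__ == "__main__":
    for step, gw in simulate().items():
        print(f"{step}: {gw}")
```

The last two entries are the point: a pure-RA host has already moved to fe80::1 when fe80::2's lifetime expires, while the DHCPv6-prioritised host keeps sending traffic to the dead gateway until its lease is touched.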