The stupidity of trying to "fix" DHCPv6

Ricky Beam jfbeam at gmail.com
Fri Jun 10 20:24:58 UTC 2011


On Fri, 10 Jun 2011 09:47:44 -0400, Leo Bicknell <bicknell at ufp.org> wrote:
> The point is, RA's are operationally fragile and DHCP is operationally
> robust.

No.  Both are just as fragile... if you haven't taken steps to protect  
them.  If you aren't doing any sort of DHCP snooping, anyone can setup a  
rogue DHCP server and kill your network -- been there, laughed at them.   
Even my *home* lan has DHCP snooping configured.

The only question is support for "RA Guard" in your network hardware.  A  
lot of old gear isn't going to support it.  But DHCP was no different.

--Ricky

PS: Don't read into this... I hate SLAAC and RA, more than most people.  
(it's been a bad idea from day one.)




More information about the NANOG mailing list