The stupidity of trying to "fix" DHCPv6

Kevin Loch kloch at kl.net
Sat Jun 11 16:41:17 UTC 2011


Leo Bicknell wrote:
> In a message written on Fri, Jun 10, 2011 at 05:13:09PM +0200, Iljitsch van Beijnum wrote:
>> Now you could argue that the DHCPv6-supplied gateway addresses should have higher priority than the ones learned from RAs. At least that solves the problem. However, that solution still has two issues:
>>
>> 1. No longer the fate sharing that comes from RA-learned gateway addresses
> 
> I purport that VRRPv6 is a superior solution to have redundant
> gateways than using RA's to broadcast both and let the host choose.

VRRP is definitely superior to RA's in that you can have many different
redundant gateway groups for different purposes.  Things like alternate
default gateways, gateways to other back-end networks and VPN routers.

In all but the most trivial hosting environments RA's will have to be
disabled, filtered, and protected against at all cost.

VRRPv3 (http://tools.ietf.org/html/rfc5798) is still a bit broken
in that it makes mention of "MUST advertise RA's" and inexplicably
limits VRRP addresses to link-local only (?!)*.  But at least we have
something; it took years for the RA police at the IETF to allow even
this limited solution.

* In many cases it may be desirable to have VRRP addresses routed via
IGP, especially static routes to VRRP next-hops.

- Kevin



