IPv6 Confusion

Mikael Abrahamsson swmike at swm.pp.se
Wed Feb 18 14:52:29 CST 2009


On Thu, 19 Feb 2009, Nathan Ward wrote:

> It seems there are lots of people who want auto configuration in IPv6 
> but who clearly do not do this in IPv4. That seems strange, to me.

"Everybody" uses DHCP in IPv4, it's just that there is functionality in 
the equipment we use to make sure it can only be received from certain 
places and we apply security based on snooping the DHCP traffic.

So, the fact that "RA guard" isn't widely available is a showstopper for 
deploying native IPv6 in a lot of environments because it just can't be 
done in a secure manner.

I am sure the equivalent measures can be implemented for IPv6, it's just 
that someone needs to do it, and it's a mystery to me how all these 
security functions aren't available from the IETF already. As said before, 
a lot of the security mechanisms involved in securing IPv4 hasn't been 
implemented in IPv6.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se




More information about the NANOG mailing list