swmike at swm.pp.se
Wed Feb 18 20:52:29 UTC 2009
On Thu, 19 Feb 2009, Nathan Ward wrote:
> It seems there are lots of people who want auto configuration in IPv6
> but who clearly do not do this in IPv4. That seems strange, to me.
"Everybody" uses DHCP in IPv4, it's just that there is functionality in
the equipment we use to make sure it can only be received from certain
places and we apply security based on snooping the DHCP traffic.
So, the fact that "RA guard" isn't widely available is a showstopper for
deploying native IPv6 in a lot of environments because it just can't be
done in a secure manner.
I am sure the equivalent measures can be implemented for IPv6, it's just
that someone needs to do it, and it's a mystery to me how all these
security functions aren't available from the IETF already. As said before,
a lot of the security mechanisms involved in securing IPv4 hasn't been
implemented in IPv6.
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG