The stupidity of trying to "fix" DHCPv6
matt at mattreath.com
Sat Jun 11 03:36:40 UTC 2011
> This is "different types of networks and network users" and also different
> operational, administrative, and security domains.
> I am also getting frustrated with the endless discussions that could be
> immediately shortened by "tinkering with DHCP" to add one or two
> additional options -- a minimal cost process. Why is the argument not
> about business needs instead of technical purity?
I'd have to agree with this. From a technical standpoint, RA Guard
would be a plausible solution to the rogue RA problem. However, the bigger
issue seems to be the mixing of what used to be managed by different
groups. Now you have IP transport folks implementing parameters sent to
client machines or routers. Less than ideal probably.
What are the current options for a company to disable RA messages,
implement RA Guard, and force clients/routers to use DHCPv6 or static
assignment for IPv6 addresses? I believe ignoring M and O bits would break
the standard though - but what if they never get sent?
I know on Cisco you can suppress the RA, but I'm not sure if you can force
most clients to make DHCPv6 requests instead of listening for RAs.
CCIE #27316 (SP)
matt at mattreath.com | http://mattreath.com
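
An added example, not part of the original message: a monitoring-side check for the policy the post asks about, auditing a captured Router Advertisement for the M and O flags and the per-prefix A flag defined in RFC 4861. The function names, the allow-list of router addresses, and the sample RA bytes built by `build_ra` are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type for Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option type (RFC 4861)

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the type byte."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    lifetime = struct.unpack("!H", icmp6[6:8])[0]
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags = icmp6[pos + 2], icmp6[pos + 3]
            prefix = ipaddress.IPv6Address(icmp6[pos + 16:pos + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40)})
        pos += opt_len
    return ra

def audit_ra(src: str, icmp6: bytes, allowed_routers: set) -> list:
    """Return findings for one RA on a segment meant to be DHCPv6-only."""
    ra = parse_ra(icmp6)
    findings = []
    if src not in allowed_routers:
        findings.append("RA from unlisted source " + src)
    if not ra["managed"]:
        findings.append("M flag clear: hosts are not told to use DHCPv6 for addresses")
    for p in ra["prefixes"]:
        if p["autonomous"]:
            findings.append("prefix " + p["prefix"] + " has A flag set: SLAAC allowed")
    return findings

def build_ra(flags: int, prefix: str, plen: int, pflags: int) -> bytes:
    """Build a constructed sample RA (checksum left as zero and not validated)."""
    head = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, pflags, 86400, 14400, 0)
    return head + pio + ipaddress.IPv6Address(prefix).packed
```

An RA with M set and A clear from a listed router yields no findings; source addresses are compared as plain strings, so the allow-list must use the same textual form as the capture.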