IPv6 RA vs DHCPv6 - The chosen one?

Owen DeLong owen at delong.com
Tue Jan 3 21:52:07 UTC 2012

> I agree with you, that is not typical for many networks. For example in
> our network we have enabled some of that features (not all) only in some
> subnets. Unfortunately those subnets connects over 70% of our users
> (6500). Is also great that many produces are going to take that issues
> seriously.
> Actually we have quite big concerns with decision if:
> 1. to buy cheaper access switches (like HP 42xx) that have security
> features for IPv4 but will never have support for IPv6. The hardware
> does not support IPv6 at all. In that case we will be able to replace
> access switches in quite short time -  one year. And in next five years
> we will be buy a brand new generation of switches that will have all
> those problems solved (I hope).
> or
> 2. to buy much more expensive switches (like HP 54xx) that supports some
> basic security features for IPv6 and there is some a probability that
> other features will be implemented. So we will be able to use ra-guard
> and ACLs immediately. In that case there is still a chance that some
> features will not be implemented due to hardware limits. So we will have
> to buy new generation of switches again in five years.
> Tomas

To me, that question is a no-brainer. Buying a product without IPv6 support today as a cost-saving measure makes about as much sense as spending $20 to pay someone to recover $0.50 worth of screws from the factory floor sweepings every night. You might create the appearance of savings in the short run, but, the costs in the medium and long terms will vastly overwhelm any perceived short-term savings.


More information about the NANOG mailing list