turning on comcast v6

Blake Dunlap ikiris at gmail.com
Tue Dec 31 08:53:17 UTC 2013


The reason RIP isn't used to hand out routes is not based on age, or
protocol design. It's based on the fact that we don't want host segment
routes (usually only default) to be announcement based, because that leads
to problems and uncomfortable meetings with VPs. DHCP will happily give out
a correct gateway that can be managed using some FHRP, or not, and those
few (new to the network) users can reboot once it's fixed. The key is it is
controlled and can't be just hijacked at a moment's notice.

All we've gained by switching to RA is a security hole that must be managed
at the L2 level, and the ability to use a slower method of failover than
FHRPs purely so we aren't reliant on a single ip address, and the vague
notion that somehow the network and the dhcp server could possibly get out
of sync, and that's somehow a worse problem than losing the entire network
randomly due to bad/inept actors and either a lack of security, or a
security vulnerability. Personally I don't see the trade offs as
beneficial, and you also lose the ability to differentiate gateways by host
from central control (even though you'd rarely see this done as opposed to
separate vlans).

-Blake


On Mon, Dec 30, 2013 at 10:40 PM, Victor Kuarsingh <victor at jvknet.com> wrote:

> On Mon, Dec 30, 2013 at 6:31 PM, Leo Bicknell <bicknell at ufp.org> wrote:
>
> >
> > On Dec 30, 2013, at 4:37 PM, Victor Kuarsingh <victor at jvknet.com> wrote:
> >
> > > On Mon, Dec 30, 2013 at 3:49 PM, Lee Howard <Lee at asgard.org> wrote:
> > >>> The better question is are you using RIP or ICMP to set gateways in your
> > >>> network now?
> > >>
> > >> I disagree that that's a better question.
> > >> I'm not using RIP because my hosts don't support it (at least, not without
> > >> additional configuration), and it would be a very unusual configuration,
> > >> adding weight and complexity for no benefit.  RAs are the opposite.
> > >> Not even sure how you would use ICMP to set a default gateway.  Maybe
> > >> there's a field I'm unaware of.
> > >>
> > >
> > > [VK] The RIP comparison is somewhat confusing to me.  I don't see how RIP
> > > is comparable in this context (I guess technically you can pass a default
> > > route in RIP, but as Lee mentions, the protocol is designed for a different
> > > purpose and requires configuration).
> >
> > There was a time, I'm going to roughly guess approximately 1987-1992, although
> > I may be off by a year or two, that you needed to have lived through for this
> > to make sense.
> >
> > You see, in that time the available IGP was, well, RIP.  RIPv1.  Routers, at
> > least ones you could buy, did not have OSPF, EIGRP, or even in many cases
> > EGP/BGP.  They had RIPv1, and perhaps some bleeding edge Cisco's had IGRP.
> > So almost every campus network ran RIPv1
>
>
> [VK]  Leo, I understand the case you mention, but I am not sure if this is
> a parallel to what the subject is on this thread.  I would think we are
> talking - not about routers and servers here - but end hosts (PCs, tablets,
> home gateways, smart phones, media devices etc.) which would be the
> beneficiaries of the [DHCPv6] route option information.
>
> I still don't think that RIP's prevalence in 20+ year old network
> environments, and its lack of use today, draws a comparison to the
> validity of using RAs.  I get that it [RIP] may have been "default" on many
> historic boxes, so had similar effect on providing a default route, but the
> protocol's purpose was not intended to do that for all the hosts on a
> network (also a world where not all networks were IP as well).
>
> RA on the other hand was specifically purposed to be used to provide this
> kind of information to all IPv6 stacks.  So I still think we are talking
> about very different environments in protocol types, purpose and mixture of
> participating hosts/routers etc.
>
> regards,
>
> Victor K
>
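
The L2-level management of RAs that the top message refers to comes down to accepting Router Advertisements only from known routers. The sketch below is an added example, not part of the thread or any poster's code: it parses an ICMPv6 RA and lists the reasons an allowlist policy would drop it. The allowlist, the addresses and the `sample_ra` helper are constructed for illustration.

```python
import ipaddress
import struct

# Constructed allowlist of (link-local source, MAC) for this segment's routers.
AUTHORIZED = {("fe80::1", "00:00:5e:00:53:01")}
PRF = {0: "medium", 1: "high", 2: "reserved", 3: "low"}  # RFC 4191 preference

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861, type 134)."""
    if len(icmp6) < 16:
        raise ValueError("truncated RA")
    typ, code, _ck, _hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp6[:16])
    if typ != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"router_lifetime": lifetime, "preference": PRF[(flags >> 3) & 3],
          "sllao": None, "prefixes": []}
    off = 16
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8  # length in 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[off + 2:off + olen]
        if otype == 1 and olen == 8:      # source link-layer address option
            ra["sllao"] = ":".join(f"{b:02x}" for b in body)
        elif otype == 3 and olen == 32:   # prefix information option
            ra["prefixes"].append(f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}")
        off += olen
    return ra

def audit_ra(src_ip: str, src_mac: str, icmp6: bytes) -> list:
    """Reasons an allowlist policy would drop this RA (empty list = accept)."""
    ra, why = parse_ra(icmp6), []
    ip, mac = ipaddress.IPv6Address(src_ip), src_mac.lower()
    if not ip.is_link_local:
        why.append("source is not link-local")
    if (str(ip), mac) not in AUTHORIZED:
        why.append("sender not in authorized router list")
    if ra["sllao"] and ra["sllao"] != mac:
        why.append("link-layer option does not match frame source MAC")
    if why and ra["router_lifetime"] > 0:
        why.append(f"claims default router, preference {ra['preference']}")
    return why

def sample_ra(mac: str, flags: int = 0) -> bytes:
    """Constructed RA: lifetime 1800 s, SLLAO, prefix 2001:db8:1::/64."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    sllao = bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    return hdr + sllao + pio + ipaddress.IPv6Address("2001:db8:1::").packed
```
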

