IPv6 Security [Was: Re: misunderstanding scale]

Chuck Anderson cra at WPI.EDU
Thu Mar 27 00:50:40 UTC 2014

On Wed, Mar 26, 2014 at 06:52:53PM -0500, Timothy Morizot wrote:
> On Mar 26, 2014 6:27 PM, "Luke S. Crawford" <lsc at prgmr.com> wrote:
> > My original comment and complaint, though, was in response to the
> > assertion that DHCPv6 is as robust as DHCPv4.   My point is that DHCPv6
> > does not fill the role that DHCPv4 fills, if you care about tying an IP to
> > a MAC and you want that connection to persist across OS installs by
> > customers.
> You're right. DHCPv6 is more robust than DHCPv4. At least those of us in
> the enterprise space appreciate a client identifier that doesn't change
> when the hardware changes.

No, it is LESS robust, because the client identifier changes when the
SOFTWARE changes.  Around here, software changes MUCH more often than
hardware.  Heck, even a dual-boot scenario breaks the client
identifier stability.  Worse yet, DHCPv6 has created a scenario where
a client's IPv4 connectivity and IPv6 connectivity break under
/different/ scenarios, causing difficult-to-troubleshoot
half-connectivity issues when either the hardware is replaced or the
software is reloaded.
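
The identifier instability described in the message above can be seen in the DUID itself. This is an added example, not part of the original post: it decodes DUIDs as laid out in RFC 8415 and flags the case where the DUID changed but the embedded link-layer address did not. The sample DUIDs, the MAC address and the function names are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base (RFC 8415)

def parse_duid(hex_duid):
    """Decode a DHCPv6 DUID (RFC 8415 section 11) into its fields."""
    raw = bytes.fromhex(hex_duid.replace(":", ""))
    if len(raw) < 2:
        raise ValueError("DUID too short")
    (dtype,) = struct.unpack("!H", raw[:2])
    out = {"raw": raw, "type": dtype, "time": None, "lladdr": None}
    if dtype == 1 and len(raw) > 8:      # DUID-LLT: hw type, time, link-layer address
        _hw, secs = struct.unpack("!HI", raw[2:8])
        out["time"] = DUID_EPOCH + timedelta(seconds=secs)
        out["lladdr"] = raw[8:].hex(":")
    elif dtype == 3 and len(raw) > 4:    # DUID-LL: hw type, link-layer address
        out["lladdr"] = raw[4:].hex(":")
    # DUID-EN (2) and DUID-UUID (4) carry no link-layer address at all.
    return out

def explain_change(old_hex, new_hex):
    """Classify why the DUID seen for a host differs from the recorded one."""
    old, new = parse_duid(old_hex), parse_duid(new_hex)
    if old["raw"] == new["raw"]:
        return "unchanged"
    if old["lladdr"] is None or new["lladdr"] is None:
        return "cannot-correlate"
    # The embedded address is that of whichever interface existed when the
    # DUID was generated, so a match is a strong hint rather than proof.
    if old["lladdr"] == new["lladdr"]:
        return "same-hardware-new-duid"  # e.g. OS reinstall or dual boot
    return "different-hardware"

# Constructed samples: one NIC, DUID-LLT generated at two different install times.
BEFORE_REINSTALL = "00:01:00:01:1a:00:00:00:00:16:3e:aa:bb:cc"
AFTER_REINSTALL = "00:01:00:01:1a:80:00:00:00:16:3e:aa:bb:cc"
VENDOR_DUID = "00:02:00:00:ff:ff:01:02:03:04"  # DUID-EN, placeholder enterprise number

if __name__ == "__main__":
    for new in (BEFORE_REINSTALL, AFTER_REINSTALL, VENDOR_DUID):
        print(new, "->", explain_change(BEFORE_REINSTALL, new))
```

A DHCPv6 reservation keyed on the full DUID stops matching after the reinstall, while a DHCPv4 reservation keyed on the MAC keeps working, which is the half-connectivity case the message describes.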
