DHCPv6-PD -> Lack of route injection in RFC

Mark Andrews marka at isc.org
Fri Sep 22 22:47:32 UTC 2017

You know CPE devices are routers.  They can tell you what routes
DHCP has given them.  That announcement could be cryptographically

Send a CPE generated public key with the PD request.  Generate a
CERT for the prefix delegation using those two pieces of information
and return it with the prefix delegation.  The CPE announces the
route using that CERT to sign the announcement to prevent spoofing.

Each ISP can be its own CA here if it wants to be or they can
tie into the public infrastructure.


In message <CAPkb-7AjA1osY8KsUrTfNCX+KQE4b6mhVL8T3v+uxJHr77YVGg at mail.gmail.com>
, Baldur Norddahl writes:
> I know of several methods all flawed in some ways. There seems to be no
> progress in this obvious lack of a solid easy way to inject routes to match
> We use ExaBGP to inject routes via BGP that matches the configuration that
> our DHCP server has. But this is non standard and clumsy to implement. Does
> not work with all CPE routers either.
> Regards
> Baldur
> On 22 Sep. 2017 at 19:08, "Nicholas Warren" <nwarren at barryelectric.com> wrote:
> Which method would you recommend as an alternative?
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Baldur Norddahl
> Sent: Friday, September 22, 2017 11:52 AM
> This method is lacking because you might have several routers, e.g. using
> VRRP and the backup router will not learn anything from a relay on the
> primary.
> On 22 Sep. 2017 at 14:02, "Steve Teusch" <steve.teusch at rtr.guru> wrote:
> I am running into vendors that do not support injection of a delegated
> route when operating as a DHCPv6 relay (or server for that matter).
> Brocade supports this, but I am not finding this as part of any of the
> RFCs.  This is to deliver home ISP service, so it is very important or
> return packets won't go to the client unless the route is manually added as
> a routing protocol is not an option.  There should be a MUST activity for
> this somewhere.
> Anyone know what gives?
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
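
The exchange sketched in the message above (CPE key sent with the PD request, ISP-issued CERT for the prefix, signed route announcement), as an added example that is not part of the original post or of any DHCPv6 implementation. The Ed25519 choice, the byte encodings, the documentation prefixes and all type and function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"net/netip"
)

// Delegation stands in for the "CERT": the ISP's signature binding a prefix to a CPE key.
type Delegation struct {
	Prefix netip.Prefix
	CPEKey ed25519.PublicKey
	Sig    []byte // made with the ISP's CA key
}

// tbs is the (assumed) byte string the ISP signs: a label, the prefix and the CPE key.
func tbs(p netip.Prefix, k ed25519.PublicKey) []byte {
	return append([]byte("pd-cert|"+p.String()+"|"), k...)
}

// Issue runs at the ISP when it answers a PD request that carried CPE key k.
func Issue(ca ed25519.PrivateKey, p netip.Prefix, k ed25519.PublicKey) Delegation {
	return Delegation{p, k, ed25519.Sign(ca, tbs(p, k))}
}

// Announce runs on the CPE: it signs the route it asks the ISP router to install.
func Announce(cpe ed25519.PrivateKey, r netip.Prefix) []byte {
	return ed25519.Sign(cpe, []byte("pd-route|"+r.String()))
}

// Accept runs on the ISP router. The route is installed only if the ISP issued the
// delegation, the delegated key signed the route, and the route is inside the prefix.
func Accept(caPub ed25519.PublicKey, d Delegation, r netip.Prefix, sig []byte) bool {
	if len(d.CPEKey) != ed25519.PublicKeySize || !ed25519.Verify(caPub, tbs(d.Prefix, d.CPEKey), d.Sig) {
		return false
	}
	if !ed25519.Verify(d.CPEKey, []byte("pd-route|"+r.String()), sig) {
		return false
	}
	return r.Bits() >= d.Prefix.Bits() && d.Prefix.Contains(r.Addr())
}

// Demo uses constructed keys and prefixes: a valid announcement, one signed by a
// different key, and one by the right key for a prefix that was never delegated.
func Demo() (ok, spoofed, outside bool) {
	caPub, ca, _ := ed25519.GenerateKey(nil)
	cpePub, cpe, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil)
	pd, far := netip.MustParsePrefix("2001:db8:1200::/48"), netip.MustParsePrefix("2001:db8:9900::/48")
	d := Issue(ca, pd, cpePub)
	return Accept(caPub, d, pd, Announce(cpe, pd)), Accept(caPub, d, pd, Announce(rogue, pd)), Accept(caPub, d, far, Announce(cpe, far))
}

func main() { fmt.Println(Demo()) }
```

The sketch omits expiry, revocation and replay protection, which a deployed scheme would need because a delegated prefix is later reassigned to another customer.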
