RA for a different router

Bjørn Mork bjorn at mork.no
Mon Dec 21 13:03:50 CET 2009


Nick Hilliard <nick-lists at netability.ie> writes:
> On 21/12/2009 09:18, Bjørn Mork wrote:
>> But this is not necessary for IPv6. The client can use any link local
>> gateway address regardless of the delegated prefix.
>
> This is part of the problem.  We learned in the early 1990s that the
> default configuration of Sun workstations of blindly accepting routing
> updates from any source on a LAN was actually a rather bad idea.
>
> As an operator in the general case, I simply don't _want_ random clients on
> my LAN saying "hellooooo!  i'm a default gateway over here!", and other
> random clients blindly believing them.  That just creates a requirement to
> filter out another protocol from your LAN clients.

So you need to trust the *link*.  Putting the gateway in DHCPv6 won't
change this, unless you authenticate the ISP.  And I don't really see
any ISPs prepared to support that...  I expect most of them will either
provide a true point-to-point link, or emulate one by filtering
multicast and broadcast from end users.

>> You know it's reachable on that link.
>
> You know that the gateway address is reachable, but you don't know whether
> the machine at that address will do anything meaningful with packets.

Well, that's the same for DHCP (v4) as well.  You have to blindly trust
the gateway address you get.


Bjørn
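
Added example, not part of the original thread: a monitor-side check that applies the RFC 4861 validity rules to a captured Router Advertisement and then flags any sender outside an operator-maintained list of routers, which is the kind of filtering of LAN clients the exchange above refers to. The names `inspect_ra`, `build_ra` and `TRUSTED`, and the address `fe80::1`, are assumptions made for the illustration.

```python
import ipaddress
import struct

RA_TYPE = 134  # ICMPv6 Router Advertisement (RFC 4861)
# Assumption: the operator knows the link-local address of the real router.
TRUSTED = {ipaddress.IPv6Address("fe80::1")}

def build_ra(lifetime, options=b""):
    # Constructed sample RA: type, code, checksum (left 0, not verified below),
    # cur hop limit, flags, router lifetime, reachable time, retrans timer.
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, lifetime, 0, 0) + options

def inspect_ra(src, hop_limit, icmp6, trusted_routers):
    """Classify one ICMPv6 message: 'not-ra', 'invalid', 'rogue' or 'ok'."""
    if len(icmp6) < 1 or icmp6[0] != RA_TYPE:
        return ("not-ra", "")
    # RFC 4861 section 6.1.2: checks every receiving host must apply.
    if len(icmp6) < 16:
        return ("invalid", "shorter than 16 octets")
    if icmp6[1] != 0:
        return ("invalid", "ICMP code is not 0")
    if hop_limit != 255:
        return ("invalid", "hop limit is not 255, so it crossed a router")
    addr = ipaddress.IPv6Address(src)
    if not addr.is_link_local:
        return ("invalid", "source is not link-local")
    # Walk the options: type, length in units of 8 octets, data.
    pos = 16
    while pos < len(icmp6):
        if pos + 2 > len(icmp6) or icmp6[pos + 1] == 0:
            return ("invalid", "zero-length or truncated option")
        pos += icmp6[pos + 1] * 8
    if pos != len(icmp6):
        return ("invalid", "zero-length or truncated option")
    lifetime = struct.unpack_from("!H", icmp6, 6)[0]
    # Operator policy (assumption): only listed routers may send RAs.
    # A non-zero router lifetime means the sender offers itself as default router.
    if addr not in trusted_routers:
        role = "default gateway" if lifetime else "parameter source"
        return ("rogue", f"{addr} advertises itself as {role}")
    return ("ok", f"router lifetime {lifetime}s")

if __name__ == "__main__":
    for src in ("fe80::1", "fe80::dead"):
        print(src, inspect_ra(src, 255, build_ra(1800), TRUSTED))
```

The allowlist only checks the claimed source address, so it detects misconfigured or careless hosts; it does not authenticate the sender.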

