RA for a different router

Nick Hilliard nick-lists at netability.ie
Mon Dec 21 13:23:30 CET 2009


On 21/12/2009 12:03, Bjørn Mork wrote:
> So you need to trust the *link*. 

You need to trust the link anyway.  No change here.

> Putting the gateway in DHCPv6 won't
> change this, unless you authenticate the ISP.  And I don't really see
> any ISPs prepared to support that...  I expect most of them will either
> provide a true point-to-point link, or emulate one by filtering
> multicast and broadcast from end users.

Yes, bridged ISP connections will require RA-Guard before IPv6 becomes a
possibility for clients using this.

>>> You know it's reachable on that link.
>>
>> You know that the gateway address is reachable, but you don't know whether
>> the machine at that address will do anything meaningful with packets.
> 
> Well, that's the same for DHCP (v4) as well.  You have to blindly trust
> the gateway address you get.

Yep, correct - see my previous points in other emails.

Overall, I cannot see any real operational advantage to splitting
auto-configuration between RA and DHCPv6.  It's simpler and more manageable
with a single protocol.

Nick

