RA for a different router
Nick Hilliard
nick-lists at netability.ie
Mon Dec 21 13:23:30 CET 2009
On 21/12/2009 12:03, Bjørn Mork wrote:
> So you need to trust the *link*.
You need to trust the link anyway. No change here.
> Putting the gateway in DHCPv6 won't
> change this, unless you authenticate the ISP. And I don't really see
> any ISPs prepared to support that... I expect most of them will either
> provide a true point-to-point link, or emulate one by filtering
> multicast and broadcast from end users.
Yes, bridged isp connections will require ra-guard before ipv6 becomes a
possibility for clients using this.
>>> You know it's reachable on that link.
>>
>> You know that the gateway address is reachable, but you don't know whether
>> the machine at that address will do anything meaningful with packets.
>
> Well, that's the same for DHCP (v4) as well. You have to blindly trust
> the gateway address you get.
Yep, correct - see my previous points in other emails.
Overall, I cannot see any real operational advantage to splitting
auto-configuration between ra and dhcpv6. It's simpler and more manageable
with a single protocol.
Nick
More information about the ipv6-ops
mailing list