RA for a different router
Kurt Jaeger
ipv6-ops at c0mplx.org
Tue Dec 22 11:41:53 CET 2009
Hi!
> >>> "IPv6 is not IPv4"
> >> Too true. However, making IPv6 more different from IPv4 than necessary
> >> is not helping deployment.
> >
> > Yes. I have some nice little case here:
> >
> > German DTAG DSL platform. IPv6 via PPPoE. Customer:
> >
> > lan----cust-router------[dsl]----our-l2tp-endpoint
> >        speaking pppoe
> >        lan     wan
> >
> > Our l2tp endpoint: cisco 7206, ios 12.4(25b).
> >
> > So, I can suggest a prefix to the cust-router for his LAN interface.
> > But assigning anything other than a link-local prefix to the wan
> > side using radius seems to be impossible ?
> >
> > Any suggestions ? IOS releases where this might be possible ?
> Why would you want anything else than a link-local on the WAN
> interface ?
Good question, I agree. But, it was useful in the ipv4 past,
and I assume it will be useful in the v6 future.
> It works perfectly well without any GUA
I can't test it from the monitoring host, which is not on the local link.
> and all you do
> by assigning one is create another point to secure
I have to secure it if it is link-local or GUA, anyway.
> and a second address pool to manage.
Yes, but we do this all the time, it's not a big problem.
> ICMP can be sourced from a 'virtual interface'
> and that is what all CPE I tested so far do, the current IETF drafts
> cater for this, it's covered for by WAA-6/WPD-5 in
> draft-ietf-v6ops-ipv6-cpe-router-03.
As soon as someone does firewalling on all his LAN prefixes with his
CPE, I'd like to have a separate IP to test 8-)
I have one such case right now in the v4 world, where the
customer insists that he's not probed from our monitoring, but
complains if the link is missing 8-) Beautiful 8-)
Yes, yes, check link state or interface counters instead, all this
is possible, but it's not as nice as just sending a ping 8-)
> I notice this requirement popping up every time and nobody can tell
> me what the need is.
Since when is "Because I want to!" together with foot-stomping not
reason enough 8-) ?
--
pi at opsec.eu +49 171 3101372 11 years to go !