RA for a different router

Kurt Jaeger ipv6-ops at c0mplx.org
Tue Dec 22 11:41:53 CET 2009


Hi!

> >>> "IPv6 is not IPv4"

> >> Too true. However, making IPv6 more different from IPv4 than necessary
> >> is not helping deployment.
> > 
> > Yes. I have some nice little case here:
> > 
> > German DTAG DSL platform. IPv6 via PPPoE. Customer:
> > 
> > lan----cust-router------[dsl]----our-l2tp-endpoint
> >       speaking pppoe
> >      lan        wan
> > 
> > Our l2tp endpoint: cisco 7206, ios 12.4(25b).
> > 
> > So, I can suggest a prefix to the cust-router for his LAN interface.
> > But assigning anything other than a link-local prefix to the wan
> > side using radius seems to be impossible ?
> > 
> > Any suggestions ? IOS releases where this might be possible ?

> Why wouild you want anything else then a link-local on the WAN
> interface ?

Good question, I agree. But, it was useful in the ipv4 past,
and I assume it will be useful in the v6 future.

> It works perfectly well without any GUA

I can't test it from the monitoring host, which is not on the local link.

> and all you do
> by assigning one is create another point to secure

I have to secure it if it is link-local or GUA, anyway.

> and a second address pool to manage.

Yes, but we do this all the time, it's not a big problem.

> ICMP can be sourced from a 'virtual interface'
> and that is what all CPE I tested so far do, the current IETF drafts
> cater for this, it's covered for by WAA-6/WPD-5 in
> draft-ietf-v6ops-ipv6-cpe-router-03.

As soon as someone does firewalling on all his LAN prefixes with his
CPE, I'd like to have a seperate IP to test 8-)

I have one such case right now in the v4 world, where the
customer insists that he's not probed from our monitoring, but
complains if the link is missing 8-) Beautiful 8-)

Yes, yes, check link state or interface counters instead, all this
is possible, but it's not as nice as just sending a ping 8-)

> I notice this requirement popping everytime and nobody can tell
> me what the need is.

Since when is "Because I want to!" together with foot-stomping not
reason enough 8-) ?

-- 
pi at opsec.eu            +49 171 3101372                        11 years to go !



More information about the ipv6-ops mailing list