Geoff on IPv4 Exhaustion

Olipro olipro at 8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa
Sun Nov 20 19:30:49 CET 2011


On Sunday 20 Nov 2011 19:16:24 Jussi Peltola wrote:
> On Sun, Nov 20, 2011 at 03:02:39PM +0000, Olipro wrote:
> > On Sunday 20 Nov 2011 06:02:13 Jussi Peltola wrote:
> > > On Sun, Nov 20, 2011 at 12:32:08PM +0900, Erik Kline wrote:
> > > > > You want to run a routing protocol on hosts? Are you
> > > > > going to add knobs to DHCP to configure it? Or walk to
> > > > > every host when you want to reconfigure the routing
> > > > > protocol?
> > > > 
> > > > The hosts already run a [mini]routing protocol: ICMPv6.
> > > > 
> > > > They can learn about multiple routers, and merge router
> > > > preferences to select which router should be used for a
> > > > default router.  They can detect the loss of a router and
> > > > switch to using another router on link.  They can learn
> > > > about multiple prefixes on link, and cope with when they
> > > > go away.  They can even learn about non-default routes,
> > > > via RIOs.
> > > 
> > > And people *will* want to configure all this with DHCP. Not being
> > > able to configure the things you need to when moving a machine to
> > > another network defeats the purpose of DHCP. At a minimum, said
> > > routing protocol would have to be turned on and off with DHCP.
> > 
> > Is DHCP some sort of panacea for you that you think any arbitrary
> > functionality should be thrown into?
> 
> No. DHCP has worked for years, and I do not see any need to break it up
> and replace it with solutions looking for problems. But I guess it's too
> late.

Yes, for IPv4; if you want to apply v4 practices to v6, you've already 
missed the point.
> 
> > > ARP/ND/ICMP or RIP on hosts have been found problematic in
> > > practical use. Would anyone run RIP on hosts instead of defining
> > > different settings with DHCP? I do not need or want any more
> > > unauthenticated broadcast-type protocols. DHCPv4 is of course
> > > also one of those, but more manageable, having transactions
> > > between the server and each client instead of broadcasts that
> > > are not usually logged or easy to troubleshoot after the fact.
> > 
> > Given that solicitations for RAs and solicitations for DHCPv6 both
> > use multicast (not broadcast, this isn't IPv4) I still fail to
> > understand exactly what benefit you think you're supposed to gain
> > from using DHCPv6 over RAs given that there is no additional
> > security, unless you want to start filtering on client DUIDs (and
> > just how secure or reliable do you think that'll be?)
> 
> Now, show me some unsolicited DHCPv4 packets that modify routing tables
> without a 2-way exchange, please. And the question was not about
> security per se, but ease of debugging and predictability. With DHCPv4
> the DHCP configuration specifies the client's config rather well, with
> RAs and DHCPv6 this is not the case and the results are much less
> predictable.

And a two-way exchange matters... how?

Say we can use DHCPv6 for route configuration, how does having a two-way 
exchange make any difference? I can set up a rogue box with rogue RAs and a 
rogue DHCPv6 server - if you want to try and imply that DHCPv6 can somehow 
be "armoured" in a way that ICMPv6 cannot, you need to brush up on the 
state of packet filtering.
> 
> Even routing protocols of today are not susceptible to the perils of
> unidirectional communication. Would you run an IGP that will happily
> send traffic towards a unidirectional link where it can see
> announcements?
> 
> > If anything, considering that you can already configure radvd to dish
> > out routing information beyond a default route, this is a done deal;
> > if you're asking for DHCPv6 to be handing out routing information,
> > my wager is that your head is still stuck in the IPv4 world and
> > you've failed to understand what you can do with ICMPv6
> 
> Yet another arrogant reply.
> 
> The fact is that IPv6 in its current state does not allow many of the
> operationally necessary things DHCPv4 does. If the only reply to this
> problem that is available is nitpicking about the difference between
> broadcasts and multicast groups named "all-routers" and "all-hosts",
> I rest my case.

> 
> Jussi Peltola

Reiterating what I said above; just because you seem to think DHCPv6 is 
somehow easier to control or filter than ICMPv6 doesn't mean it actually 
is.
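
The filtering point argued in this message, as an added example that is not part of the original post: on a host-facing switch port, Router Advertisements and DHCPv6 server-to-client traffic are recognised and dropped by the same kind of header match. The function names, the choice to drop packets whose upper-layer header cannot be located, and the sample packets are assumptions of this example.

```python
import struct

EXT_HEADERS = {0, 43, 60}        # hop-by-hop, routing, destination options
FRAGMENT, UDP, ICMPV6 = 44, 17, 58
ICMPV6_RA = 134                  # ICMPv6 type: Router Advertisement
DHCPV6_CLIENT_PORT = 546         # server-to-client messages are sent to this port

def classify(pkt: bytes) -> str:
    """Return 'ra', 'dhcpv6-to-client', 'undetermined' or 'other' for a raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "undetermined"
    nxt, off = pkt[6], 40
    while nxt in EXT_HEADERS or nxt == FRAGMENT:   # walk the extension-header chain
        if off + 8 > len(pkt):
            return "undetermined"
        if nxt == FRAGMENT:
            frag_off = struct.unpack_from("!H", pkt, off + 2)[0] >> 3
            if frag_off:         # non-first fragment: upper-layer header not visible
                return "undetermined"
            nxt, off = pkt[off], off + 8
        else:
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if nxt == ICMPV6 and off < len(pkt):
        return "ra" if pkt[off] == ICMPV6_RA else "other"
    if nxt == UDP and off + 4 <= len(pkt):
        dport = struct.unpack_from("!H", pkt, off + 2)[0]
        return "dhcpv6-to-client" if dport == DHCPV6_CLIENT_PORT else "other"
    return "other"

def verdict(pkt: bytes, trusted_port: bool) -> str:
    """Untrusted (host-facing) ports drop both kinds of traffic alike (example policy)."""
    if trusted_port:
        return "forward"
    kind = classify(pkt)
    return "drop" if kind in ("ra", "dhcpv6-to-client", "undetermined") else "forward"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet from fe80::1 to ff02::1 (sample data only)."""
    src = bytes.fromhex("fe800000000000000000000000000001")
    dst = bytes.fromhex("ff020000000000000000000000000001")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload

# Constructed sample packets (checksums left as zero; the filter does not inspect them).
RA = ipv6(ICMPV6, bytes([134, 0]) + bytes(14))
RA_BEHIND_DSTOPTS = ipv6(60, bytes([ICMPV6, 0]) + bytes(6) + bytes([134, 0]) + bytes(14))
DHCP_REPLY = ipv6(UDP, struct.pack("!HHHH", 547, 546, 12, 0) + bytes([7, 0, 0, 1]))
NEIGHBOR_SOLICIT = ipv6(ICMPV6, bytes([135, 0]) + bytes(22))
```
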

