RA & DHCP problem...

Philipp Kern pkern at debian.org
Sun Dec 29 14:12:51 CET 2013


Hi,

On Sun, Dec 29, 2013 at 11:37:23AM +0000, Nick Hilliard wrote:
> On 28/12/2013 15:07, Philipp Kern wrote:
> > what do these deployments look like?
> 
> large.  Either small numbers of very large l2 domains or else large numbers
> of l2 domains with lots of hosts.  In either case, the use case is tens of
> thousands of ipv6 hosts.
> 
> > Because the granularity is generally
> > per broadcast link and I don't think we are talking about multiple
> > routers on one broadcast domain with the DHCP server doing the load
> > balancing?
> 
> I don't know what you mean here.  I'm talking exclusively about networks
> with multiple gateways with a requirement for tightly timed failover.

that's basically what I said. I added the additional point that the DHCP
server gives out different gateways for load balancing reasons.

> No, you can't do tightly timed failover with RAs […]

How would you make that work with DHCPv6? Isn't that also MAC failover
which you refuse to consider for RAs?

> There are two intertwined issues here: 1. why RA is a poor choice in
> certain situations and 2. why DHCPv6 is a better choice in these situations.
> 
> 1. running RA+DHCPv6 is running two protocols to handle autoconfiguration,
> which is not particularly compatible with the KISS principle because two
> protocols is by necessity more fragile than operating with just one.  If
> alternatively dhcpv6 were able to provide a defgw option, we could drop an
> entire protocol.

You would still have ND. And it's all part of ICMPv6, so you don't avoid
"an entire protocol" unless you specify a target MAC to send traffic to.

> 2. two protocols is inherently more difficult and therefore expensive to
> debug than one.

Well, you could avoid DHCPv6 too. ICMPv6 will be there anyway.

> 3. there is no way of specifying a global unicast ipv6 address.  You can
> only specify link-local addresses.

True. But you are talking about large L2 domains, which have link-local
addressing. What's wrong with that?

> 4. there is no way for RAs to deploy different gateways to different hosts:
> all hosts on the network must be configured in the same way.

Yes. That point I genuinely see. But what's the reason the domains get
that large? It seems to me that it's unavoidable in some cases but never
technically desired, because it introduces large failure domains that
should be decoupled.

> 5. there is no way to specify anything other than a default gateway.

RDNSS is there, but not arbitrary data, that's true. Yes, the big iron
vendors do not support it, but OTOH you are already talking about
dibbler. But for this DHCPv6 can be stateless and only provide config
data.

> 6. the failover characteristics of RAs are very poor by modern standards.

Yeah, but you did not point out what else to use, except for "multiple
gateways". Which you cannot dynamically update on the clients either.

Kind regards
Philipp Kern