RA & DHCP problem...

S.P.Zeidler spz at serpens.de
Mon Dec 30 16:10:32 CET 2013


Thus wrote Tarko Tikan (tarko at lanparty.ee):

> Agreed this wasn't the best example but it's valid for two default
> gw's as well.

... not if your operating system will flat out refuse to enter a second
one (as e.g. a Linux if you don't run more than one routing table).

> You can also have same situation with mix of manual
> config and RA or two routers of which one cannot be used for transit
> traffic (or even second malicious router).

If the user manages to enter config manually, a) it is well defined that
the manual config will win and b) it's their own fault.

If you have RA from more than one source on the cable you are much more
likely to identify that after none too long debugging if all your
IP configuration is by RA.

> >-If- there get to be DHCP v6 routing options -and- there is no clear
> >guidance what to do when DHCP and RA conflict, sooner rather than later
> >best practice will be not to run DHCP and RA on the same network, because
> >information will disagree often enough if you give it any chance at all to
> >do so.
> 
> I would say it's definitely not best practice. But no real harm will
> be done if you accidentally do it (or during migration), kernel will
> not go into deadlock or something like that.

You'll just have bignum users calling the helpdesk to complain that
The Internet Is Broken (tm) or that they can't work.

> You can have traffic
> blackholing but it's not really different from today's situation.

It's different in that you can do a change in one protocol expecting it
to be picked up, and a fraction of well-configured hosts may not because
they prefer the other information source.
Deterministic faults are MUCH easier to debug and fix than Heisenbugs.

> There is no need to prefer one protocol over another and make it
> complicated (also complicated to implement if RA is in kernel and
> DHCP in userland).

I very strongly disagree with your assertion that there would be no need.

> >My personal guess is that this would mean that RA would vanish due to lack
> >of use. Too many people are familiar with DHCP in v4 to not just translate
> >their setups 1:1 with longer addresses if they get half a chance.
> 
> No. In our setup it's DHCPv6 with IA_PD only on HGW WAN and RA +
> RDNSS/stateless DHCPv6 on LAN. This makes total sense because RA is
> widely supported in enduser systems.

Ok, so? How long do you suppose vendors would continue to support RA if
all their enterprise customers ran setups where RA was expressly switched
off? How well would the code that supports RA be tested? Are you familiar
with the term bitrot?

> It's not exactly someone else's problem as someone else doesn't need to
> do work if default gw is added to DHCPv6.

So you propose that the feature be added to the protocol and then no-one
should implement it?

regards,
	spz
-- 
spz at serpens.de (S.P.Zeidler)


More information about the ipv6-ops mailing list