Mysterious missing DHCPv6 feature, was Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?
Doug Barton
dougb at dougbarton.us
Wed May 19 02:35:30 CEST 2010

On 5/18/2010 3:57 AM, Benedikt Stockebrand wrote:
>
> ... but showing up after ten or more years complaining that one's
> existing business model isn't protected is not.

I actually agreed with a lot of what you wrote, but here is where I take
exception. I actually DID say "No one is going to deploy IPv6 in an
enterprise network without DHCP that looks substantially like it does in
IPv4, and supports the same options." I was shouted down LOUDLY by the
autoconf religious zealots, so I went away. I had a lot of company in
both regards (what I said, and not bothering to keep saying it since no
one was listening).

I (and others) have continued to try to say these things periodically
over the past decade, and we continue to get shouted down, although less
loudly nowadays. Eventually I think this debate (DHCP vs. RA) will go
the same way IPv6 PI space did, religious zealots dragged kicking and
screaming into reality by those who are more interested in seeing IPv6
actually deployed.

> IPv6 deployment is long overdue. Coming up with reasonings "but we
> can do this slightly better if we do it another way" however is pretty
> embarrassing at best.

You're attempting to minimize the significance of the arguments you
don't agree with, which is a fine rhetorical technique, but not very
useful from an operational perspective. Whether you agree with the
reasons enterprises want DHCP or not, enough folks have repeated those
reasons often enough at this point that by disregarding or diminishing
them it only makes you look foolish, and out of touch.

In no particular order, the main reasons enterprises like DHCP:
1. It allows them to configure multiple aspects of Host Configuration,
not just the bare minimums required for connectivity.
2. Configuring one (or at most a few) DHCP servers is easier than
configuring many routers.
3. The administrative domains covered by network administration and
those who configure DHCP are often different, and the needs of the
latter are often more dynamic (pardon the pun) which requires fast
response times to meet effectiveness goals.
4. Security concerns related to rogue/misconfigured RA messages. (This
is the everyone fails instantly vs. only failing when you renew your
lease problem.) Yes, I know that RA guard is "almost done," but the
concern remains valid.

Telling enterprise users, "But this is a New Thing(TM), so you have to
learn (read: spend money on) new ways of doing things" is going to
continue to get you the same response it has for the last 10 years, "No
thanks, we'll just use NAT."

It's actually really important to understand this, since there is
ABSOLUTELY no argument you can advance for why IPv6 is "better" that is
persuasive here. Even in a world where 99.99999% of the content "on the
intarwebz" is available ONLY over IPv6, IPv6 NAT at the border of their
IPv4-only network will work just as well for them as NAT at the border
of their IPv4-only network works for them now.

hth,
Doug
--
... and that's just a little bit of history repeating.
-- Propellerheads
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/