Mysterious missing DHCPv6 feature, was Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?

[David Barak]

--- On Thu, 5/27/10, Paul Timmins <paul at timmins.net> wrote:

> > You still haven't answered the question, "Why should
> RA be _required_ in IPv6 when DHCP is perfectly capable of
> doing everything that RA can do and more?"
> 
> Because RA is way easier to develop embedded devices for
> than DHCP. Getting an interrupt and checking the buffer,
> finding an RA and then do the address set and change
> routine, and going back to normal work is way easier than
> maintaining a state machine that has to keep track of
> address expiry, renewal, and even the request/handle
> response/ack can be complex if you're doing everything in
> 8k/16k of space.
> 
> I'm talking telemetry units that either respond to polls or
> blatt data out on to the wire as multicast as soon as it's
> collected here, not smart fridges that have enough ram to
> drive a LCD display, and thus could maybe fit a DHCP
> implementation.

That's the best explanation of a sensible rationale I've heard for this.  I still disagree with the approach: I think it's too "one size fits all" even when it doesn't, and it ignores the security lessons we've had over the past decade with regard to self-organizing networks, but I can at least see where *someone* benefits.  

I'd still like to remove the dependancy on RA for those things which CAN support a DHCP implementation - it's just yet another thing which can either break or become a security vulnerability on a typical enterprise LAN.

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com