Re: Operational comments on RAs vs DHC

[JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>]

At Mon, 19 Mar 2007 15:42:35 +0000,
Tim Chown <tjc@ecs.soton.ac.uk> wrote:

> A number of administrators that I know of deploying IPv6 (dual-stack) have
> commented on a common problem, specifically the problem of handling 'rogue'
> RAs in their networks.   This includes one admin at our site.
> 
> We typically see the problem in our wireless networks, where perhaps a 
> user brings in a laptop that's set to be a 6to4 router at home, but shouldn't
> be one on our wireless.   But we also have seen it where an admin makes
> a config error typically in a VLAN config and one or more RAs leak to
> additional subnets/links.   Use of VLANs seems to be rising, and mistakes
> maybe more common.

I'm not going to say that we don't have to worry about this type of
trouble, but I think we should check the severity carefully.

As far as I know, the only implementation that could act as this type
of rouge IPv6 router in practice was IPv6-enabled Windows XP.  I also
hear that Windows Vista doesn't enable 6to4 when normal IPv6
connectivity is provided.  And both XP and Vista support RA preference
(as defined in RFC4191).  Is my understanding correct?

If so, the problem may not be that severe as we are now worrying about
because IPv6 is not enabled in Windows XP by default; so there is less
probability that normal innocent users are trapped.

Again, I'm not saying this is not an issue to be considered.  But if
my understanding described above is correct, it seems to me it's at
least not worth introducing a drastic paradigm change in operation
and/or in protocol specification (such as using DHCPv6 just due to
this and/or introducing a 'default-router' option to DHCPv6).

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp