[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: DHCP vs. RA... again.



james woodyatt wrote:
> ...
> Are the network operators who are expressing "the specific
> requirement" that their network not "depend on RA" willing to accept
> that they still need RA to signal nodes that DHCP is required for
> obtaining prefix information and default router addresses?
> 
> Or, do they want RA deprecated completely?  If they do, then I
> wouldn't like that.


To shorten a long debate, the deployment models for not using RA are
fundamentally broken to start with. They are based on the concept that an RA
would result in a shared prefix between customers, because they are not
taking the step to do L2 isolation between the aggregation point and the
customer base. On top of that the security model is wrapped up in using DHCP
as their trust anchor (never mind that spoofing a mac blows this away). 

It is perfectly fine for the DHC wg to provide the tools for these operators
to deploy the way they want to. It is not reasonable for those operators to
drive their broken deployment model on the rest of the world by insisting
that DHCP is 'the only tool'. For them the RA should indicate 'use DHCP',
while for the rest of the world the RA should indicate the DNS server so
that DHCP is not required.

Tony