Re: IPv6 Confusion

[Nathan Ward <nanog () daork net>]

On 19/02/2009, at 9:22 AM, Owen DeLong wrote:

> There are also a number of security issues available in the "Just  
> trust some
> unsolicited broadcast about where to send all your network traffic."  
> approach
> to host bootstrapping that bother some people.

So, those people don't use DHCP in IPv4 if this is a concern, so I'm  
guessing they are not hoping to use DHCPv6 either.
Static configuration of IP addressing information and other  
configuration will work just fine for them.

I wonder, do they use ARP?

The things you are talking about are about protecting against  
misconfiguration, not about protecting against malicious people.

> We can argue all you want about how pathological these cases are, but,
> the fact remains that trusting some unsolicited broadcast from a  
> device
> claiming to be a router as your starting point isn't viable in a  
> number of
> real world installations and an alternative needs to be made  
> available.
>
> > Of course, better support and vendor implementation of all the  
> > different options would be nice.
> Sure, but, so would DHCP functionality equivalent to what we have in  
> IPv4.
>
> If you want SLAAC or RA or whatever, more power to you.  Some  
> installations
> do not.  They want DHCP equivalent functionality with the same  
> security model.

SLAAC and DHCPv6 do not have different security models in the "host  
trusting the network" area. In terms of "network trusting the host",  
there is a bit I suppose, assuming you trust whatever MAC address and  
client identifier the host uses.

> > Most networks have broadcast controls that are mostly vendor  
> > specific hacks. Now they'll have multicast controls, which is good  
> > to have anyways.
> This assumes a lot, but, even if it's true, it doesn't change the  
> fact that some
> organizations like the existing DHCP model and there's no reason not  
> to
> provide equivalent functionality in IPv6.

I would agree, if we did not have SLAAC.
RA is needed to tell hosts which of SLAAC and DHCPv6 to use though.

Perhaps a solution here is a DHCPv6 option that says "do not listen to  
RAs any more", so that once a host is on a network and has an address  
from DHCPv6, it does not get affected by devices sending rogue RAs.  
Perhaps there is an additional option that says "send an RS message  
and listen to RA when your renewing your DHCPv6 lease" to allow  
transition from DHCPv6 to SLAAC if the network wants to do that.

That way, we get DHCPv6 vs. SLAAC selection when a host connects to  
the network without having to manually configure, and we get "IPv4  
DHCP"-like behaviour.

--
Nathan Ward