"DHCP storm" has never been an issue for DHCPv4, where the problem is
potentially more serious because DHCPv4 is usually used for address
assignment. What evidence do we have the "DHCP storm" will suddenly become
a problem in DHCPv6?
I find it surprising that this problem has never come up in IPv4. In IPv6 it could potentially be worse as hosts already have an address so the DHCP traffic can get in the way of real traffic, unlike with IPv4.
For this reason, and because running the DHCP(lite) service results in additional operational complexity and security risks on both the servers and clients, I feel very strongly that we need a non-DHCP mechanism for determining DNS resolver addresses that can be used together with RFC 2462 IPv6 address configuration.
I think we should reserve judgment on the additional operational complexity
associated with stateless DHCPv6 until we actually have some operational
experience.
Disagree. We need DNS configuration in IPv6 yesterday. Waiting for DHCPv6lite specs, then implementations and finally operational experience and THEN find out that there is indeed a problem and start work on other mechanisms will take too much time.
Besides, the question isn't whether DHCP can function well. I'm sure it can. The question is whether people who have otherwise no need for DHCP should be made to use it by not making alternative ways to configure DNS resolver addresses available.
Based on the existing implementations of stateless DHCPv6, I don't see where the additional operational complexity will come from.
As long as everything works there is just the additional delay of having to wait for DHCP to complete. This should be pretty fast in most circumstances. But if it _doesn't_ work then debugging is going to be very inconvenient because there are now two protocols involved in configuring hosts when they come online. And any open ports add to the security risks.
What I don't understand is the fear of well-known addresses. This subject seems to have an extensive history, but I can't seem to find the actual arguments, as the discussion has long since deteriorated to kindergarten level: "Would you want 200 million devices to be shipped with the DNS of your organization burned into ROM?"
If well-known addresses are such a good idea, why haven't we adopted them
for IPv4?
Because IPv4 doesn't have a mechanism similar to RFC 2462 for address discovery/creation. So DNS configuration has always been something that went along with address discovery (= manual configuration, PPP and DHCP).
Summarizing from below, I agree that we can specify the use of the 'O' bit
to control the use of stateless DHCPv6 just as the 'M' bit controls the use
of DHCPv6 for address assignment. I still disagree that the supposed
shortcomings to stateless DHCPv6 given in the first paragraph are sufficient
to warrant the use of well known addresses or the development of an
extension to RAs.
But do you agree that the fact that many people don't want to run DHCPv6 is sufficient reason?
Iljitsch van Beijnum
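
Added example, not part of the original thread: a sketch of how a host could read the 'M' and 'O' bits from a Router Advertisement and decide whether DHCPv6 (and its listening client port, UDP 546) comes into play next to RFC 2462 autoconfiguration. The names `dhcpv6_plan` and `build_ra` and the sample packets are constructed for illustration, and treating 'O' without 'M' as the trigger for stateless DHCPv6 follows the proposal discussed above rather than any particular implementation.

```python
import struct

RA_TYPE = 134            # ICMPv6 Router Advertisement
FLAG_M = 0x80            # 'M' bit: managed address configuration
FLAG_O = 0x40            # 'O' bit: other stateful configuration
OPT_PREFIX_INFO = 3      # Prefix Information option
PREFIX_FLAG_A = 0x40     # 'A' bit: prefix usable for autoconfiguration

def dhcpv6_plan(ra: bytes) -> dict:
    """Decide from one RA which configuration mechanisms the host starts."""
    if len(ra) < 16:
        raise ValueError("truncated Router Advertisement")
    icmp_type, code, _cksum, _hop, flags, _life = struct.unpack_from("!BBHBBH", ra)
    if icmp_type != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    slaac, off = False, 16
    while off < len(ra):
        if off + 2 > len(ra):
            raise ValueError("truncated option header")
        opt_type, opt_len = ra[off], ra[off + 1]   # length is in 8-byte units
        if opt_len == 0 or off + opt_len * 8 > len(ra):
            raise ValueError("malformed option")    # zero length would loop forever
        if opt_type == OPT_PREFIX_INFO and opt_len == 4 and ra[off + 3] & PREFIX_FLAG_A:
            slaac = True
        off += opt_len * 8
    managed, other = bool(flags & FLAG_M), bool(flags & FLAG_O)
    return {
        "slaac": slaac,                              # RFC 2462 address creation
        "dhcpv6_addresses": managed,                 # 'M': addresses from DHCPv6
        "dhcpv6_stateless": other and not managed,   # 'O' only: DNS etc. via DHCPv6
        "client_listens_udp_546": managed or other,  # extra open port on the host
    }

def build_ra(flags: int, autonomous_prefix: bool) -> bytes:
    """Constructed sample RA; checksum is left zero and not verified above."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    if not autonomous_prefix:
        return hdr
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64,
                      0x80 | PREFIX_FLAG_A, 86400, 14400, 0)
    return hdr + opt + bytes.fromhex("20010db8000000000000000000000000")

if __name__ == "__main__":
    for label, f in (("no flags", 0), ("O only", FLAG_O), ("M set", FLAG_M)):
        print(label, dhcpv6_plan(build_ra(f, True)))
```

With neither bit set the host configures addresses without opening a DHCPv6 client port, which is the case the request for a non-DHCP DNS mechanism is about.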
