Jari Arkko wrote:
Ric,
If you point me to the IPv6 deployment architecture from the DSLForum
I can send you a draft on how to do the authentication in it. Putting
EAP into DHCP v6 is no big trick, the real trick is what does the rest
of the IPv6 architecture look like.
There are a ton of questions like:
a) Do we have multiple services with separate addresses or are they on
the same address as IPv4. Both approaches have pro's and cons.
b) How far into the L2 architecture are link local addresses allowed.
c) SAVA
and on and on.
It is simply premature to guess at what authentication is appropriate
and while PANA seems to think they have a hammer for everything. I do
not think DHCP Authentication may be the write answer to every question.
So leave off the IPv6, we just cannot answer the question with the
architectures under discussion at the DSLForum.
I think the question about IPv6 is an important one, primarily because
we know that there's a difference going from IPv4 to IPv6 on how
universal DHCP needs to be. I am not saying that we cannot have
something based on DHCP, however. If our crystal ball said that the
mechanisms that you are proposing are only going to be implemented in a
provider-supplied CPE box, I would see no problem running DHCPv6 (and
prefix delegation) between that and the BRAS. If the scope is larger
than CPEs, however, we have significant deployment and compatibility
issues as Bernard has pointed out.
I don't see any particular technical reason why this particular feature
would work for DHCPv4 and not DHCPv6, and think there is value in making
sure the mechanism works in as similar manner as possible for one as
well as the other.
Whether authentication in DHCPv6 is the correct deployment model for
non-PPP-based IPv6 in DSL is a separate question, and just one part of
an architectural puzzle that is missing a number of other pieces right now.
- Mark
Jari
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
