> MIF is going to discuss the confliction between RA and DHCP on tuesday > afternoon MIF session (15:20-17:00)
This clashes with SOFTWIRE. Can you do it in the 17:10 session? Regards Brian On 2011-11-14 14:46, Hui Deng wrote: > Hello 6MAN and DHCP, > > Especially thanks *Wes Beebee*, Hemant Singh, Brian Carpenter, Alex and > Ted's discussion. > > MIF is going to discuss the confliction between RA and DHCP on tuesday > afternoon MIF session (15:20-17:00) > the author Tomasz has propose below resolution: > > The problem is about potential conflict between RA and DHCP. Our > proposed answer is as follows: > > RA provides configuration to all hosts in a network. DHCP can provide > configuration on a per host basis. Therefore it may be useful to use > DHCP to "override" configuration for some hosts in a network (e.g. > engineering department has extra routes defined for a lab network). As > such, DHCP should be preferred. > > However, there is also a matter of security. Both RA and DHCPv6 can be > secured. If SEND is deployed, RA is more trustworthy than DHCP, so it > should be preferred. Finally, there is such thing as secure DHCP, so if > both RA and DHCP are secure, prefer SEND. I must admit that I never > heard about any realistic deployments of secure DHCP, but it will change > over time. > > This approach can be summed as: favor secure, favor DHCP. Or to be more > explicit, there's a complete list of all cases: > a) RA vs DHCP => prefer DHCP > b) RA(SEND) vs DHCP => prefer RA > c) RA vs secure DHCP => prefer DHCP > d) RA(SEND) vs secure DHCP => prefer DHCP > > Does it sound reasonable? > > This approach is very similar to what was described in DNS configuration > over RA and DHCP (except the part about both RA and DHCP being secure > that is not covered in RFC6106). > > To summarize the discussion so far, Ted Lemon on MIF list agreed that > DHCP should be preferred. Herman Singh on 6MAN list suggested to go look > at what DNS over RA proposes and use the same approach. RFC6106, section > 5.3.1covers cases a) and b). c) and d) are logical extension that takes > DHCPv6 security into consideration. My understanding is that proposed > solution will be satisfactory to everyone. > > > > ------------------------------------------------------------------------ > > _______________________________________________ > mif mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/mif -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
