On Mon, 2009-06-08 at 14:57 +0100, Arran Cudbard-Bell wrote:
> Is anyone actually using [DHCPv6]? What advantages does it have over
> the stateless auto-configuration protocol?

This question gets asked a lot. Here's my potted response.

Regards, K.

Why is DHCP still important with IPv6?

IPv6 has autoconfiguration - it can obtain an address fully automatically, given only a router advertising a prefix. Why then is DHCP still important?

Here are some of the reasons.

* DHCP can pass out an address in the *absence* of router advertisements.

* DHCP can pass out nameserver information – search list, default domain, nameserver addresses. That doesn't happen with ordinary autoconf.

* DHCP can do dynamic DNS. That is, it can register forward and reverse DNS entries for the addresses it gives out. While you could allow the individual clients to do this, it is generally better to have a few centralised servers making updates than to have thousands of clients doing it. Apart from anything else, it is easier to secure the updates.

* DHCP lets you work with subnets that are not /64. There is a bit of a debate going on over whether we should or should not be a bit less profligate with v6 addresses; 18 billion billion does seem a lot for just one subnet. With DHCP you can allocate addresses in a subnet of any desired size, larger or smaller than /64.

* DHCP lets you control what addresses are allocated – you can ensure, for example, that a particular machine always gets a particular address, or that allocated addresses always come from some particular range.

* DHCP provides a natural hooking point for additional control (the server software has to support that though).

* DHCP provides a natural logging point – you can see when clients come and go, what addresses they had from time to time, and so on. With modern switches you can get a lot of that off the ports via SNMP, but DHCP can centralise it.

* DHCP allocates addresses that do not (necessarily) contain the MAC address of the client. Autoconfigured addresses contain the MAC address of the host, and some people have an issue with displaying, globally, the MAC address of a host. They see it as "leaking" local information onto the global Internet. Temporary addresses are also a solution to this.

* DHCP provides a mechanism to delegate prefixes (hand out prefixes rather than individual addresses).

All the above is DHCPv6 by the way. Most of it applies to DHCPv4 too.

"If you have DHCP, would that not break the radvd/autoconfig stuff?"

No, not at all. Autoconfig and DHCP play very well together, and you can mix and match. You can obtain your address by autoconf or from a DHCP server, or obtain one (or more!) from *both*. You can get the ancillary information like nameserver addresses for your autoconf address, or delivered with a DHCP address. You can statically configure an address and then go get the nameserver stuff from the DHCP server. And so on.

For a very small network, where ancillary information like domains and nameservers can be manually configured and where a /64 is natural, you don't generally need DHCP.

In networks where everything is dual stacked and you only need v4 nameserver info, you can get nameserver info via DHCPv4 and do without DHCPv6 (assuming none of the other reasons for using it apply).

In large networks of autonomous devices (like sensors, maybe) you probably don't need DHCP.

In enterprise-style networks you probably do need DHCP.

DHCPv4 is pretty straightforward; every OS has it in there by default. This is not the case for IPv6 yet. However, there are at least two very good DHCPv6 clients, WIDE and Dibbler. WIDE does the job for Unix, Dibbler works on Unix and Windows. Both good, both effective, both open and free, both easy to install. Dibbler is somewhat easier to configure.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html