>> no one is arguing nd/ra be removed entirely, as subnet anycast should be. >> the argument is that there are environments where it is not needed and >> dhcp should be able to be used in its place. > That's reasonable. There are cases where auto configuration does not > work well. A centrally configured solution can mitigate various kind > of RA/ND spoofing attacks, in the same way that static configuration > can mitigate ARP spoofing attacks.
also, do not underestimate the co$t of the of operational change to move from dhcp4 to nd/ra. folk who want to keep dns and ip audit may have to go static without dhcp6. another non-trivial barrier to ipv6 deployment. randy -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
