Hello 6MAN and DHCP,

Special thanks to *Wes Beebee*, Hemant Singh, Brian Carpenter, Alex and
Ted for the discussion.

MIF is going to discuss the conflict between RA and DHCP in the Tuesday
afternoon MIF session (15:20-17:00).
The author, Tomasz, has proposed the resolution below:

The problem is about potential conflict between RA and DHCP. Our
proposed answer is as follows:

RA provides configuration to all hosts in a network. DHCP can provide
configuration on a per host basis. Therefore it may be useful to use
DHCP to "override" configuration for some hosts in a network (e.g.
engineering department has extra routes defined for a lab network). As
such, DHCP should be preferred.

However, there is also a matter of security. Both RA and DHCPv6 can be
secured. If SEND is deployed, RA is more trustworthy than DHCP, so it
should be preferred. Finally, there is such a thing as secure DHCP, so if
both RA and DHCP are secure, prefer SEND. I must admit that I never
heard about any realistic deployments of secure DHCP, but it will change
over time.

This approach can be summed up as: favor secure, favor DHCP. Or to be more
explicit, there's a complete list of all cases:
a) RA vs DHCP => prefer DHCP
b) RA(SEND) vs DHCP => prefer RA
c) RA vs secure DHCP => prefer DHCP
d) RA(SEND) vs secure DHCP => prefer DHCP

Does it sound reasonable?

This approach is very similar to what was described in DNS configuration
over RA and DHCP (except the part about both RA and DHCP being secure
that is not covered in RFC6106).

To summarize the discussion so far, Ted Lemon on the MIF list agreed that
DHCP should be preferred. Hemant Singh on the 6MAN list suggested looking
at what DNS over RA proposes and using the same approach. RFC6106, section
5.3.1 covers cases a) and b). c) and d) are a logical extension that takes
DHCPv6 security into consideration. My understanding is that the proposed
solution will be satisfactory to everyone.
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------