On Sun, 2012-10-21 at 14:45 -0700, Mark Smith wrote:
> Actually it can, as the destination address for the server the relay uses
> can be the all-dhcp-servers site-local (FF05:0:0:0:0:0:1:3) multicast
> address.

I have yet to see this in the wild, and would be interested to hear if
anyone actually does this. It seems to me that it is asking for trouble
- anyone could set up a server and add themselves to that group, then
receive - and answer! - DHCP queries. That is of course true anyway on
the client link, but it's a different scale of problem on the wider
network. Mitigation would need filters everywhere, just in case.
Unicasting from relays requires configuration of all relays, but that is
required anyway - and all the relays could have the *same*
configuration, which is always good.

My understanding (poor) is that since site-local was deprecated, the
various ff05::/16 addresses were pretty much deprecated as well.
Actually that's not an understanding, it's an assumption :-) And I can
see that an alternative path would be to let all the site-local
well-known addresses stand alone; no longer site-local as such, just
"they are what they are".
 
Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
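
An added example, not part of the message above or of any DHCP implementation: when every relay unicasts to the same configured servers, as the reply suggests, a check at the relay (or over a capture) can flag DHCPv6 Relay-reply messages that come from any other source. The addresses, DUIDs and function names are constructed for illustration, and only one level of relay encapsulation is parsed.

```python
import ipaddress
import struct

RELAY_REPL = 13        # DHCPv6 Relay-reply message type
OPT_SERVERID = 2       # Server Identifier option (carries the server DUID)
OPT_RELAY_MSG = 9      # Relay Message option (carries the server's message)
RELAY_HDR = 34         # msg-type + hop-count + link-address + peer-address

def options(buf):
    """Yield (code, value) for each DHCPv6 option; stop at a truncated one."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            return
        yield code, buf[off:off + length]
        off += length

def server_duid(payload):
    """Server DUID inside a Relay-reply, or None if absent or malformed.
    The inner message is a 1-byte type and 3-byte transaction id, then options."""
    if len(payload) < RELAY_HDR or payload[0] != RELAY_REPL:
        return None
    for code, value in options(payload[RELAY_HDR:]):
        if code == OPT_RELAY_MSG:
            for inner_code, inner_value in options(value[4:]):
                if inner_code == OPT_SERVERID:
                    return inner_value
    return None

def unexpected_servers(packets, configured_servers):
    """Return (source, duid_hex) for Relay-replies not sent by a configured server."""
    allowed = {ipaddress.IPv6Address(a) for a in configured_servers}
    return [(src, server_duid(p).hex() if server_duid(p) else None)
            for src, p in packets
            if len(p) >= RELAY_HDR and p[0] == RELAY_REPL
            and ipaddress.IPv6Address(src) not in allowed]

def make_relay_reply(duid):
    """Build a constructed Relay-reply wrapping a Reply (type 7) with this DUID."""
    inner = b"\x07\x00\x00\x01" + struct.pack("!HH", OPT_SERVERID, len(duid)) + duid
    wrapped = struct.pack("!HH", OPT_RELAY_MSG, len(inner)) + inner
    return bytes([RELAY_REPL, 0]) + bytes(32) + wrapped

# Constructed sample traffic as seen at a relay (documentation-prefix addresses).
SAMPLE = [
    ("2001:db8:0:1::547", make_relay_reply(bytes.fromhex("000300010200aabbcc01"))),
    ("2001:db8:0:66::bad", make_relay_reply(bytes.fromhex("000300010200aabbcc02"))),
]
```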
