
Re: Thoughts about RA en DHCPv6 in /etc/network/interfaces



On Wed, 8 Dec 2010, chiel wrote:
> On 12/08/2010 08:51 PM, Jay Ford wrote:
>> I agree that most things with a static IPv6 address probably don't also
>> want a SLAAC address, but if you generalize this very much you'll cause
>> trouble for some use scenarios. Basically, don't assume that static
>> implies no SLAAC.
>>
>> RAs have information you want/need, such as the net MTU & the router
>> address, so don't discard the whole RA.
>
> So sending RA on the server network should be best practice? I think
> that accepting the router address in this scenario still makes you
> vulnerable to mis-configured legitimate- and rogue nodes sending RA's,
> perhaps this also implies for the MTU.

Sure, just like rogue DHCP for IPv4 does. There are network-based ways to mitigate rogue DHCP & RAs, but there is always more risk with dynamic configuration than with static configuration. The benefit of dynamic is that the per-system administrative burden is usually lower & IP address utilization is usually better.

> I believe that static must really mean static. As in, I configure all
> network information myself and don't want any influence from outside on
> this behaviour.

That's certainly a valid use scenario, & one I also like for server-type things. Just don't assume that everybody else has the same use scenario, because there are other equally valid options.

> What about the options "iface eth0 inet6 ra" and "iface eth0 inet6
> dhcpv6"? should be nice to have as a default and be disabled altogether
> (meaning all options possible) if commented/removed.

That could work, though I suggest "iface eth0 inet6 slaac" or "iface eth0 inet6 auto" instead of "iface eth0 inet6 ra".

________________________________________________________________________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-ford@uiowa.edu, phone: 319-335-5555, fax: 319-335-2951
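
Added example, not part of the original message or of any ifupdown code: a shell helper that reports which RA-supplied settings a Linux interface would apply, so the "static means static" and "static address, but router and MTU from the RA" positions in the thread can be checked on a host. It assumes the Linux per-interface IPv6 sysctls (`accept_ra`, `forwarding`, `autoconf`, `accept_ra_pinfo`, `accept_ra_defrtr`, `accept_ra_mtu`); the function names and the three sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Which parts of a Router Advertisement would this interface act on?
# Covers only the items named in the thread (router, MTU) plus prefixes.

# ra_exposure ACCEPT_RA FORWARDING AUTOCONF PINFO DEFRTR MTU
# Prints a space-separated list of RA-derived settings the kernel would
# apply, or "none" when RAs are ignored or nothing is taken from them.
ra_exposure() {
    accept_ra=$1; forwarding=$2; autoconf=$3
    pinfo=$4; defrtr=$5; mtu=$6
    # accept_ra: 0 = ignore RAs, 1 = accept unless forwarding, 2 = always.
    case "$accept_ra" in
        0) echo none; return 0 ;;
        1) if [ "$forwarding" != 0 ]; then echo none; return 0; fi ;;
    esac
    out=""
    if [ "$defrtr" = 1 ]; then out="$out default-router"; fi
    if [ "$mtu" = 1 ]; then out="$out mtu"; fi
    if [ "$pinfo" = 1 ]; then
        out="$out on-link-prefix"
        # SLAAC addresses need prefix processing and autoconf together.
        if [ "$autoconf" = 1 ]; then out="$out slaac-address"; fi
    fi
    out=${out# }
    echo "${out:-none}"
}

# Read the live values for an interface (Linux only). Defaults to eth0,
# the interface name used in the thread.
ra_exposure_iface() {
    d=/proc/sys/net/ipv6/conf/${1:-eth0}
    ra_exposure "$(cat "$d/accept_ra")" "$(cat "$d/forwarding")" \
        "$(cat "$d/autoconf")" "$(cat "$d/accept_ra_pinfo")" \
        "$(cat "$d/accept_ra_defrtr")" "$(cat "$d/accept_ra_mtu")"
}

# Constructed profiles matching the positions taken in the discussion:
ra_exposure 0 0 0 0 0 0   # fully static: nothing taken from RAs
ra_exposure 1 0 0 0 1 1   # static address, router and MTU from the RA
ra_exposure 1 0 1 1 1 1   # host with SLAAC enabled
```

Anything the helper lists for an interface is a setting that a misconfigured or rogue RA sender on the link could change.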

