Re: [v6ops] New Version Notification for draft-yourtchenko-ra-dhcpv6-comparison-00.txt (fwd)

[Mark ZZZ Smith <markzzzsmith@yahoo.com.au>]

<snip>

>
>
>Remember, RFCs are guidelines only, not laws, and
>
>if the guidelines don't support the operational needs
>of businesses, they _will_ bypass them in order to
>keep the business functioning.
>

And they're quite free to do that at their expense, privately inside their own network, and without any involvement of the IETF if they don't care about interoperability. They can pay all of the costs of their device vendors implementing the enterprise's own methods and protocols when they are different to the IETF's.

The thing the IETF have to worry about is summarised quite well in the title of RFC3271, and a few paragraphs from it:

"The Internet is for Everyone"


"  Internet is for everyone - but it won't be until in every home, in
   every business, in every school, in every library, in every hospital
   in every town and in every country on the Globe, the Internet can be
   accessed without limitation, at any time and in every language."

"  Internet is for everyone - but it won't be if it is too complex to be
   used easily by everyone.  Let us dedicate ourselves to the task of
   simplifying the Internet's interfaces and to educating all that are
   interested in its use."

The IETF is about providing protocols to provide interoperability between many different, independent and unrelated parties' implementations. That means that my mother's interoperability and ease of use needs are as equally important to consider as your enterprises' are, when developing a solution. 

Enterprise networks are quite welcome to bring their needs to the IETF, but I don't think they can expect that only their needs will be considered and satisfied, just because they've got lots of money. There are more home users of the Internet and home networks attached to the Internet than there are enterprises networks and users, so if there is a common case to optimise for, it is the non-technical home user. 

>
>Very large scale enterprises are well grounded in
>the model of having the host config say "obtain
>
>addresses dynamically", and having the source
>of those addresses be an authoritative box which
>tracks and accounts for all addresses given out.
>

DHCPv4 and DHCPv6 "tracks and accounts for all addresses given out", but it won't guarantee to tell you all addresses in use, and I think that is what mostly enterprise people actually are caring about (and I used to be one of them). DHCP does not track statically configured addresses in either IPv4 or IPv6, and in the case of IPv6, won't track link-local addresses present and in use either. DHCPv6, SLAAC, static and link-local addresses are all candidate addresses for applications to use (RFC6742, RFC4007), so DHCPv6 will only ever provide partial visibility into what addresses are in use - just as DHCPv4 does.

Give up the delusion that DHCP of either flavour will guarantee to tell you all the addresses in use on your network, and deploy a proper solution that does, such as arpwatch for IPv4, or ipv6mon (http://www.si6networks.com/tools/ipv6mon/) for IPv6. I don't know if the commercial router vendors are providing equivalent tools, but they should be if they aren't and want to address their enterprise customers' security needs.


>The notion of clients selecting their own address

>does not work in those environments, and trying
>to insist they alter their business to fit your idea
>of how things should work is less than useful.
>
> 

>
>
>>As such, the options are not DHCPv6 only, RA-only, and Both, but, RA-only and Both.
>>
>>The scenarios where RA-Only make sense are any scenario where you do not need greater control of the client configuration than Prefix information, routing information, and DNS resolver addresses and search strings.
>>
>>In any scenario where you need to supply the host with more configuration information on a dynamic basis, DHCPv6 is also required.
>>
>>Also, if you want dynamic DNS updates, deterministic assigned suffixes, etc., these fall into the DHCPv6 realm.
>>
>>It's really as simple as that as near as I can tell.
>>
>>If you want to run without RAs, then you are into the realm of static configuration. I, personally, do not see this as a problem.
>>
>
>
>Or, you're a company with tens of thousands
>of desktops, where static configuration is not
>
>a viable option, but control over address 
>assignment from central servers is a must;
>in that environment, DHCPv6-assignment-only is 
>a reality, and will exist; it is already being explored 
>today, and to to deny that it is coming is equally as
>useful as cursing the coming of nightfall; it
>will happen, with or without your agreement
>or support.
>
>
>Matt
>
>
>
> 
>
>>Owen
>>
>>
>>
>
>
> 
>
>_______________________________________________
>v6ops mailing list
>v6ops@ietf.org
>https://www.ietf.org/mailman/listinfo/v6ops
>
>
>