On 7 Oct 2010, at 10:41, Jan Zorz @ go6.si wrote:
Mandatory support:
DHCPv6 client [RFC3315]
I agree. I use Mac OSX regularly as my primary OS and can't understand what went wrong at Apple still lacking the DHCPv6 client. Do we have any mechanism to remind them about this issue?
Apple is an organisation. It does not take decisions. People at Apple do. In this case, you need to talk to Stuart Cheshire.
- ULA optional: I don't exactly see how a host could support IPv6 at all and not do ULA. It's just Yet Another Prefix.
Agree. Moving to mandatory.
+1
Enterprise switch: - RA-guard: your enemy is not -unsolicited- RA, your enemy is -unauthorized- RA. As in, the laptop your sales guy brought in announcing itself as the gateway to the world, even if RA was solicited.
AFAIK RA-guard prevents RA packets being sent from ports that are "declared" as "hosts" ports and connected hosts not authorized to send RA as such.
How is a host-based mechanism based on prevention of outgoing packets ever going to work? I mean, it can prevent accidents (perhaps, it is not a guarantee, look at usual list of ad-hoc Wifi SSIDs at any event) but it sure won't prevent intentional unauthorised RAs. Distinguishing authorised from non-authorised is of course no simple matter, probably needing pre-auth, which kind of takes the automation out of the equation. It's almost like the IPv6 designers didn't have access to real networks during protocol development (no DHCP initially, silly TLA/SLA crap...)
Firewall (etc): - an application firewall that speaks BGP? at all? usefully? I've seen (D)DoS blackholing devices that speak BGP, otherwise that part of routing is not really best run on firewalls.
That's why it says "if requested". I agree that BGP is not best run on firewall, but some people practice that idea, mainly because of cutting costs and for small-mid companies it might work out well for most of the time.
Is this one v6 specific?

Joao