DHCP code in 2.0.4+

Karl Auer kauer at biplane.com.au
Tue Jun 9 02:14:54 CEST 2009


On Mon, 2009-06-08 at 14:57 +0100, Arran Cudbard-Bell wrote:
> Is anyone actually using [DHCPv6]? What advantages does it have over
> the stateless auto-configuration protocol?

This question gets asked a lot. Here's my potted response.

Regards, K.

Why is DHCP still important with IPv6?

IPv6 has autoconfiguration - it can obtain an address fully
automatically, given only a router advertising a prefix. Why then is
DHCP still important? 

Here are some of the reasons. 

      * DHCP can pass out an address in the *absence* of router
        advertisements.

      * DHCP can pass out nameserver information – search list, default
        domain, nameserver addresses. That doesn't happen with ordinary
        autoconf.

      * DHCP can do dynamic DNS. That is, it can register forward and
        reverse DNS entries for the addresses it gives out. While you
        could allow the individual clients to do this, it is generally
        better to have a few centralised servers making updates than to
        have thousands of clients doing it. Apart from anything else, it
        is easier to secure the updates.

      * DHCP lets you work with subnets that are not /64. There is a bit
        of a debate going on over whether we should or should not be a
        bit less profligate with v6 addresses; 18 billion billion does
        seem a lot for just one subnet. With DHCP you can allocate
        addresses in a subnet of any desired size, larger or smaller
        than /64.

      * DHCP lets you control what addresses are allocated – you can
        ensure, for example, that a particular machine always gets a
        particular address, or that allocated addresses always come from
        some particular range.

      * DHCP provides a natural hooking point for additional control
        (the server software has to support that though).

      * DHCP provides a natural logging point – you can see when clients
        come and go, what addresses they had from time to time, and so
        on. With modern switches you can get a lot of that off the ports
        via SNMP, but DHCP can centralise it.

      * DHCP allocates addresses that do not (necessarily) contain the
        MAC address of the client. Autoconfigured addresses contain the
        MAC address of the host, and some people have an issue with
        displaying, globally, the MAC address of a host. They see it as
        "leaking" local information onto the global Internet. Temporary
        addresses are also a solution to this.

      * DHCP provides a mechanism to delegate prefixes (hand out
        prefixes rather than individual addresses).

All the above is DHCPv6 by the way. Most of it applies to DHCPv4 too.

"If you have DHCP, would that not break the radvd/autoconfig stuff?" 

No, not at all. Autoconfig and DHCP play very well together, and you can
mix and match. You can obtain your address by autoconf or from a DHCP
server, or obtain one (or more!) from *both*. You can get the ancillary
information like nameserver addresses for your autoconf address, or
delivered with a DHCP address. You can statically configure an address
and then go get the nameserver stuff from the DHCP server. And so on. 

For a very small network, where ancillary information like domains and
nameservers can be manually configured and where a /64 is natural, you
don't generally need DHCP. In networks where everything is dual stacked
and you only need v4 nameserver info, you can get nameserver info via
DHCPv4 and do without DHCPv6 (assuming none of the other reasons for
using it apply). In large networks of autonomous devices (like sensors,
maybe) you probably don't need DHCP. In enterprise-style networks you
probably do need DHCP.

DHCPv4 is pretty straightforward; every OS has it in there by default.
This is not the case for IPv6 yet. However, there are at least two very
good DHCPv6 clients, WIDE and Dibbler. WIDE does the job for Unix,
Dibbler works on Unix and Windows. Both good, both effective, both open
and free, both easy to install. Dibbler is somewhat easier to configure.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
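
Added example (not part of the original message): a short Python check for the point above that autoconfigured addresses contain the host's MAC address, usable to audit an address inventory for that exposure. It assumes the modified EUI-64 interface-identifier layout (ff:fe in the middle, universal/local bit flipped); the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def embedded_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    A random interface ID can match the ff:fe pattern by chance (about
    1 in 65536), so treat a hit as a strong hint, not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                    # EUI-64 filler bytes absent
        return None
    # Undo the universal/local bit flip and drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address to the MAC it exposes (None if none is embedded)."""
    return {a: embedded_mac(a) for a in addresses}


# Constructed sample inventory (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    "2001:db8:1:2:211:22ff:fe33:4455",   # autoconfigured from 00:11:22:33:44:55
    "2001:db8:1:2::1:100",               # e.g. handed out from a DHCPv6 range
    "2001:db8:1:2:5c3a:91d7:0be4:72aa",  # e.g. a random temporary address
    "fe80::211:22ff:fe33:4455",          # link-local on the same interface
]

if __name__ == "__main__":
    for a, mac in audit(SAMPLE).items():
        status = f"exposes MAC {mac}" if mac else "no embedded MAC"
        print(f"{a:36} {status}")
```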