2010/9/9, Claudio Jeker <cjeker@diehard.n-r-g.com>:
quoted text
>> And a new flag to struct in6_ifextra?
>
> Nope, it will be part of ifnet->if_xflags.

Actually, it's already in in6_ifextra->nd_ifinfo->flags, named
ND6_IFF_ACCEPT_RTADV and controlled by the "ndp -i" command. However,
ifconfig autoconfprivacy uses if_xflags and separating these two looks
kind of dirty... Wouldn't it be better to move autoconfprivacy from
ifconfig to ndp (as privacy_rtadv flag)? The option name is pretty
long and the thing is ndp-related... How much would have people
suffered from that change?

And slowly back to the original question. Is it safe to allow
accepting RAs on a router then? I mean in terms of messing with
default router list (make sure the routines only touch RTF_CONNECTED
and correct those XXX'ed conditions with ip forwarding). BTW: RTF_MAX
comment should be "minimum priority" instead of "maximum" :-)

quoted text
> Because ND depends on multicast and therefor needs a local scope and
> because of this we end up with addressing scopes and then we need
> stateless address assignment on the local scope with duplicate address
> detection and now you're deep down in the darkest of the dark holes.

Strange, I always thought that stateless address assignment and
link-local scope were the features of the protocol :-) DAD just comes
up because it's obviously necessary. And maybe they thought multicast
queries were a bonus for ISPs which cheap switches would broadcast
anyway.

quoted text
> Hmm. Please show me a switch that actually does the ND multicast in a
> non-flooding way. By default most multicast is treated like broadcast and
> is flooded all over the place. So there is no gain for a hell lot of pain.

Our peer's Cizcoe C4900M for example. I'm going to test our 3com 4200G
as it should work too. I guess in the size that you really need it,
you already have the money to find a switch that supports it. (and
they probably hoped the manufacturers would cooperate ;-))

quoted text
> There is nothing wrong with mutlicast where multicast is needed but
> neighbor discovery (aka address resolution) is not one of those cases.
> Sure the theory sounds sexy but in reality it is just painful.

You got that right, it isn't necessary here. I guess I'm just lucky
not being painfully hurt.

quoted text
> It is a forced deployment and it is only possible because many things
> implied with IPv6 got killed. It is funny that all those things that
> should never ever be needed in IPv6 are suddenly implemented (best example
> dhcp6).

I thought that that's why the autonomous flag in RA was for from the
very beginning. The RFC from august 1996 has a reference to DHCPv6 in
it...
But yes, a lot of simple things should've been there from the
beginning (RFC 5006 being probably the most user-visible one)

quoted text
> As an example of political nonsense look at what it took to be able to get
> PI IPv6 space.

Okay, I get it now...

-- 
Martin Pelikan