Re: CALL FOR DISCUSSION: DHCP over IKE vs Configuration Payload

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

>>>>> "Derek" == Derek Atkins <derek@ihtfp.com> writes:
    Derek> issues point at one towards the other.  I think Config Payload
    Derek> wins on performance, and DHCP-over-IKE wins on extensibility.
    Derek> DHCP certainly wins in terms of using end-to-end DHCP
    Derek> authentication, but that implies the use of a DHCP infrastructure.

  The use of DHCP syntax on the wire does not imply that a DHCP
infrastructure must exist.

  If you want to build a self-contained gateway box that manages its own
address pool (on the box irself), then you can do that.
  If you want to translate to other infrasture (radius), Tero has documented
how to do that. 

  Tero also argues that if you are using Radius with EAP, that your round
trip count is already larger than 4, so DHCP does not add to it.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [