[ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
- Previous message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
- Next message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ivan Pepelnjak
ip at ioshints.info
Thu Sep 29 14:04:00 CEST 2011
You can't extract MAC from SLAACed IPv6 due to privacy extensions (RFC 4941). I like one-VLAN-per customer idea, but it doesn't always scale (in some environments you'd run out of VLANs). Thanks! Ivan > -----Original Message----- > From: ipv6-wg-bounces at ripe.net [mailto:ipv6-wg-bounces at ripe.net] On Behalf > Of Tero Toikkanen > Sent: Thursday, September 29, 2011 1:55 PM > To: ipv6-wg at ripe.net > Subject: Re: [ipv6-wg] End-host IPv6 address allocation on Carrier > Ethernet > > > #2 - use SLAAC and don't care > > ============================= > > Consumer hosts will get random IPv6 addresses out of your Carrier > Ethernet > > /64 prefix. Can you afford the "don't care" part of it? > > We provide a static /64 with SLAAC per connection, but allow static > addresses within that /64 as well. Connections are provisioned as > individual router subinterfaces, so user-to-address mapping happens on > subnet level and URPF prevents spoofing. This naturally works only as long > as you have a single customer/connection per VLAN, not so much with group- > VLANs (which are shared by several connections). With SLAAC you can dig > the MAC address from the IPv6-address, if necessary (MAC-spoofing can be a > problem, but that's the case with DHCP and IPv4-world as well. ND-attacks > are an issue as well.) > > The shortcomings with this approach include: > - doesn't work with group-VLANs > - the end-user has to configure DNS-servers manually > > ____________________________________ > Tero Toikkanen > Network Engineer > Nebula Oy
- Previous message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
- Next message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]