nanog mailing list archives

Re: comcast ipv6 PTR


From: Mark Andrews <marka () isc org>
Date: Wed, 16 Oct 2013 10:50:30 +1100


In message <87iowyo4yn.fsf () nemi mork no>, Bjørn Mork writes:
Michael Thomas <mike () mtcc com> writes:
On 10/15/2013 08:35 AM, TJ wrote:

My cable company assigns me a different prefix every time the modem
reboots, about once a month, and I think that's pretty typical.

Really?
I think my IPv6 address from Comcast has changed (maybe) twice in the last
18 months, and I think it was only once.


There's an entire universe within ietf who thinks that seamless
renumbering is a Big Deal. We're obviously not completely there --
especially within residential -- but any path forward should not count
on the stability of prefixes. Anywhere.

Agreed.

We will allocate semi-static prefixes, but have decided to do strict
aggregation of retail subscriber prefixes on the BNGs. This means that
the allocations will be perceived as static by most users, but there are
no guarantees. We will renumber if the users move between BNGs,
regardless of reason.  Including moving DSLAMs/OLTs.

Having said that: Renumbering is not going to be seamless, even for
simple home networks.  The last time I changed my home prefix, I
completely forgot that I had put the old one into a cups access list.
Took me a while to figure out why I couldn't make the printer work a
month or so later...

Typical static entries being added over time are:
 - DNS glue

Well this is solvable using UPDATE + TSIG to update the glue held
in the parent zones.  People have used stored user names and passwords
to update things automatically for decades.  TSIG is just a user
name and a password.

For RRR managed zones see draft-andrews-dnsop-updating-parent-zones.

 - access lists, both in your network and in other networks

Complain to your equipment vendor if they don't support dynamic
updating of these lists.

 - interface config on devices where you don't want SLAAC or DHCPv6

Well if you refuse to use methods that are designed to make renumbering
events less painful you only have yourself to blame.

 - server application configuration (you do want your mail server to use
   a specific source address and not just choose one, right?)

Why do you care about the address other than it has a PTR record
associated with it?  You can tell IP stacks to NOT use privacy
addresses when selecting the source address to use for outgoing
connections.

 + everything I forgot

No, renumbering is not going to be seamless.  Yes, a smarter person
could automate everything I list above, but we all know that's not going
to happen.

No, we don't know it won't happen.

You just tackle one problem at a time and very soon you have a
machine that can be renumbered automatically.  It's about configuring
the machine in the first place.

Mark

Bjørn

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org
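
The UPDATE + TSIG approach from the message above, applied to a host's AAAA and PTR records when the prefix changes, as an added example that is not part of the original post: it builds an `nsupdate` batch that keeps each host's interface identifier and swaps only the prefix. The host name, documentation prefixes and server name are constructed, and it assumes you control both the forward and the reverse zone and hold a TSIG key authorized to update them.

```python
import ipaddress


def renumber(addr, old_prefix, new_prefix):
    """Move addr from old_prefix to new_prefix, keeping its host bits."""
    old = ipaddress.ip_network(old_prefix)
    new = ipaddress.ip_network(new_prefix)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefix lengths differ")
    ip = ipaddress.ip_address(addr)
    if ip not in old:
        # A stale or mistyped entry must not be silently rewritten.
        raise ValueError(f"{addr} is not inside {old_prefix}")
    host_bits = int(ip) & int(old.hostmask)
    return ipaddress.IPv6Address(int(new.network_address) | host_bits)


def nsupdate_batch(hosts, old_prefix, new_prefix, server, ttl=300):
    """Return nsupdate input replacing AAAA and PTR records for each host.

    hosts maps a fully qualified name (trailing dot) to its current address.
    Forward and reverse records live in different zones, so each gets its
    own "send"; nsupdate works out the zone from the record name.
    """
    lines = [f"server {server}"]
    for name, addr in hosts.items():
        old_ip = ipaddress.ip_address(addr)
        new_ip = renumber(addr, old_prefix, new_prefix)
        lines += [
            f"update delete {name} AAAA {old_ip}",
            f"update add {name} {ttl} AAAA {new_ip}",
            "send",
            f"update delete {old_ip.reverse_pointer}. PTR",
            f"update add {new_ip.reverse_pointer}. {ttl} PTR {name}",
            "send",
        ]
    return "\n".join(lines) + "\n"


# Constructed sample data: RFC 3849 documentation prefixes, hypothetical names.
OLD, NEW = "2001:db8:aaaa:1::/64", "2001:db8:bbbb:2::/64"
HOSTS = {"mail.example.net.": "2001:db8:aaaa:1::25"}

if __name__ == "__main__":
    # Pipe the output to: nsupdate -k <tsig-keyfile>   (key file path is a
    # placeholder; keep the key out of the script and readable only by its owner)
    print(nsupdate_batch(HOSTS, OLD, NEW, "ns1.example.net"), end="")
```

Because the TSIG key is, as the message says, just a user name and a password, scope it on the server to the specific names it needs to update rather than to the whole zone.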

