nanog mailing list archives
Re: IPv6 Security [Was: Re: misunderstanding scale]
From: Mohacsi Janos <mohacsi () niif hu>
Date: Wed, 26 Mar 2014 19:24:33 +0100 (CET)
On Wed, 26 Mar 2014, Luke S. Crawford wrote:
On 03/24/2014 06:18 PM, Owen DeLong wrote:DHCPv6 is no less robust in my experience than DHCPv4. ARP and ND have mostly equivalent issues.This depends a lot on what you mean by 'robust'Now, I have dealt with NAT, and I see IPv6 as a technology with the potential to make my life less unpleasant. I really want IPv6 to succeed.However, DHCPv6 isn't anywhere near as useful for me, as someone who normally deals with IPs that don't change, as DHCPv4 is.With DHCPv4, my customers all get an address based on their mac that doesn't change if their box is re-installed. I configure this on the DHCP server, and the customer can run whatever dhcp client they like on whatever OS they like and they get the same IP every time.With DHCPv6 there is a time-based identifier that is added to the mac that makes it impossible, as far as I can tell, to give the customer a consistent IP across OS wipes without doing significant client configuration.
This is stupidity of the DHCPv6 client/OS implementation. They should use DUID type 3 (DUID-LL) by default, not DUID type 1 (DUID-LLT). This can be circumvented by setting the default to type 3, but...
Regards, Janos Mohacsi
Current thread:
- Re: IPv6 Security [Was: Re: misunderstanding scale], (continued)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Mark Tinka (Mar 23)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Timothy Morizot (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Mark Tinka (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Owen DeLong (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Paul Ferguson (Mar 24)
- RE: IPv6 Security [Was: Re: misunderstanding scale] Naslund, Steve (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Lee Howard (Mar 25)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Lamar Owen (Mar 25)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Luke S. Crawford (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Jack Bates (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Mohacsi Janos (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Matt Palmer (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Luke S. Crawford (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Timothy Morizot (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Chuck Anderson (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Owen DeLong (Mar 26)
- Re: IPv6 Security sthaug (Mar 27)
- Re: IPv6 Security Henri Wahl (Mar 27)
- Re: IPv6 Security Owen DeLong (Mar 27)
- Re: IPv6 Security sthaug (Mar 27)
- Re: IPv6 Security Karl Auer (Mar 27)