[ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet

Hi,

Trying to figure out how to do IPv6 address allocation for consumer customers connecting their end-hosts (Windows/OSX/Linux) directly to a Carrier Ethernet network/VLAN (obviously through some sort of fiber-to-Ethernet converter/bridge).

The particular problem bothering me is user-to-address mapping traceability that you might need for regulatory/law enforcement reasons.

I see the following options:

#1 - use DHCPv6 instead of SLAAC 
================================
Requires support for DHCPv6 Option37/38 and L3 switches all the way to the end-user (unless your favorite vendor supports L2 DHCPv6 extensions) and allows any third-party to track the user based on pretty static IPv6 address. Also requires DHCPv6 snooping/IPv6 source guard to prevent overly-easy spoofing.

#2 - use SLAAC and don't care
=============================
Consumer hosts will get random IPv6 addresses out of your Carrier Ethernet /64 prefix. Can you afford the "don't care" part of it?

#3 - use CPE devices that only allow DHCPv6 IA_PD
=================================================
This might be the cleanest approach (you map the customer into an IPv6 prefix), but it requires strict control of the CPE devices by the SP (think cable modems).

#4 - use PPPoE over Carrier Ethernet
====================================
Been there, seen that. Not sure we can afford the performance/licensing hits.

However, it does solve the authentication problems (PAP/CHAP), address tracking (RADIUS accounting records), randomized addresses (use local pool on the PE-router).

Anything I've missed or is it really so bleak?

Thanks
Ivan