This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
- Previous message (by thread): [ipv6-wg] Second Call for IPv6 WG agenda items
- Next message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ivan Pepelnjak
ip at ioshints.info
Thu Sep 29 10:32:13 CEST 2011
Hi, Trying to figure out how to do IPv6 address allocation for consumer customers connecting their end-hosts (Windows/OSX/Linux) directly to a Carrier Ethernet network/VLAN (obviously through some sort of fiber-to-Ethernet converter/bridge). The particular problem bothering me is user-to-address mapping traceability that you might need for regulatory/law enforcement reasons. I see the following options: #1 - use DHCPv6 instead of SLAAC ================================ Requires support for DHCPv6 Option37/38 and L3 switches all the way to the end-user (unless your favorite vendor supports L2 DHCPv6 extensions) and allows any third-party to track the user based on pretty static IPv6 address. Also requires DHCPv6 snooping/IPv6 source guard to prevent overly-easy spoofing. #2 - use SLAAC and don't care ============================= Consumer hosts will get random IPv6 addresses out of your Carrier Ethernet /64 prefix. Can you afford the "don't care" part of it? #3 - use CPE devices that only allow DHCPv6 IA_PD ================================================= This might be the cleanest approach (you map the customer into an IPv6 prefix), but it requires strict control of the CPE devices by the SP (think cable modems). #4 - use PPPoE over Carrier Ethernet ==================================== Been there, seen that. Not sure we can afford the performance/licensing hits. However, it does solve the authentication problems (PAP/CHAP), address tracking (RADIUS accounting records), randomized addresses (use local pool on the PE-router). Anything I've missed or is it really so bleak? Thanks Ivan
- Previous message (by thread): [ipv6-wg] Second Call for IPv6 WG agenda items
- Next message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]