This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
- Previous message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
- Next message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tero Toikkanen
Tero.Toikkanen at nebula.fi
Thu Sep 29 13:55:00 CEST 2011
> #2 - use SLAAC and don't care > ============================= > Consumer hosts will get random IPv6 addresses out of your Carrier Ethernet > /64 prefix. Can you afford the "don't care" part of it? We provide a static /64 with SLAAC per connection, but allow static addresses within that /64 as well. Connections are provisioned as individual router subinterfaces, so user-to-address mapping happens on subnet level and URPF prevents spoofing. This naturally works only as long as you have a single customer/connection per VLAN, not so much with group-VLANs (which are shared by several connections). With SLAAC you can dig the MAC address from the IPv6-address, if necessary (MAC-spoofing can be a problem, but that's the case with DHCP and IPv4-world as well. ND-attacks are an issue as well.) The shortcomings with this approach include: - doesn't work with group-VLANs - the end-user has to configure DNS-servers manually ____________________________________ Tero Toikkanen Network Engineer Nebula Oy
- Previous message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
- Next message (by thread): [ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]