[ipv6-wg] End-host IPv6 address allocation on Carrier Ethernet

You can't extract MAC from SLAACed IPv6 due to privacy extensions (RFC 4941).

I like one-VLAN-per customer idea, but it doesn't always scale (in some environments you'd run out of VLANs).

Thanks!
Ivan

> -----Original Message-----
> From: ipv6-wg-bounces at ripe.net [mailto:ipv6-wg-bounces at ripe.net] On Behalf
> Of Tero Toikkanen
> Sent: Thursday, September 29, 2011 1:55 PM
> To: ipv6-wg at ripe.net
> Subject: Re: [ipv6-wg] End-host IPv6 address allocation on Carrier
> Ethernet
> 
> > #2 - use SLAAC and don't care
> > =============================
> > Consumer hosts will get random IPv6 addresses out of your Carrier
> Ethernet
> > /64 prefix. Can you afford the "don't care" part of it?
> 
> We provide a static /64 with SLAAC per connection, but allow static
> addresses within that /64 as well. Connections are provisioned as
> individual router subinterfaces, so user-to-address mapping happens on
> subnet level and URPF prevents spoofing. This naturally works only as long
> as you have a single customer/connection per VLAN, not so much with group-
> VLANs (which are shared by several connections). With SLAAC you can dig
> the MAC address from the IPv6-address, if necessary (MAC-spoofing can be a
> problem, but that's the case with DHCP and IPv4-world as well. ND-attacks
> are an issue as well.)
> 
> The shortcomings with this approach include:
> - doesn't work with group-VLANs
> - the end-user has to configure DNS-servers manually
> 
> ____________________________________
> Tero Toikkanen
> Network Engineer
> Nebula Oy