Linux source address selection vs. EUI-64

Drake Wilson drake at begriffli.ch
Mon Nov 15 21:17:59 CET 2010


Quoth Mark Smith <nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org>, on 2010-11-16 06:34:42 +1030:
> I'm reconsidering this. Conceptually they are mutually exclusive, until
> you consider the direction of connection. Privacy addresses as sources
> for outbound connections and static addresses as targets for inbound
> connections seems valid, although probably a bit rare.

FWLIW, this is exactly what I'd expect for a machine that acts as both
server and client and is configured with privacy addresses.  For an
inbound connection, the other endpoint has to know your IP already in
order to initiate the connection, but having outbound connections be
too trivially linkable with each other or with inbound connections is
not necessarily desirable.  When it is specifically desired (e.g., for
certain kinds of dialback or multiple-connection protocols), the
application can bind sockets to the same IP address explicitly; this
is needed anyway for other multihoming cases, unless I'm very much
mistaken.  Similar considerations apply for connectionless traffic.
Machines that care more about address stability than being mixed with
other machines in the same segment should not be configured with
privacy addresses in the first place.

It also occurs to me that such a setup may have interesting and useful
implications for connection classification for border gateways in
front of clusters of servers, though I'm not sure I can construct a
full example off the top of my head.

   ---> Drake Wilson
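
[Added example, not part of the original message: one way an application can do the explicit bind the message mentions for a dialback-style protocol, so the outbound connection leaves from the same address the inbound one arrived on instead of whatever default source selection (e.g. a privacy address) would choose. The function names dialback_source and dial_back are made up for this sketch; only standard POSIX socket calls are used.]

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build the address to bind the outbound socket to: same IPv6 address
 * and scope as the local end of the inbound connection, but port 0 so
 * the kernel assigns an ephemeral port. (Hypothetical helper name.) */
struct sockaddr_in6 dialback_source(const struct sockaddr_in6 *local)
{
    struct sockaddr_in6 src;
    memset(&src, 0, sizeof src);
    src.sin6_family = AF_INET6;
    src.sin6_addr = local->sin6_addr;
    src.sin6_scope_id = local->sin6_scope_id; /* matters for link-local */
    src.sin6_port = 0;
    return src;
}

/* Connect to `peer` from the local address that `accepted_fd` was
 * reached on. Returns the connected fd, or -1 on any failure.
 * (Hypothetical helper name.) */
int dial_back(int accepted_fd, const struct sockaddr_in6 *peer)
{
    struct sockaddr_in6 local;
    socklen_t len = sizeof local;

    /* The local end of an accepted socket is the address the client
     * targeted, i.e. the static/inbound address. */
    if (getsockname(accepted_fd, (struct sockaddr *)&local, &len) < 0
        || local.sin6_family != AF_INET6)
        return -1;

    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    /* bind() before connect() pins the source address; without it the
     * kernel runs default source address selection for this socket. */
    struct sockaddr_in6 src = dialback_source(&local);
    if (bind(fd, (struct sockaddr *)&src, sizeof src) < 0
        || connect(fd, (const struct sockaddr *)peer, sizeof *peer) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```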

