Handing out DNS server from Cisco local pool

Brian E Carpenter brian.e.carpenter at gmail.com
Mon Mar 21 22:49:20 CET 2011


If you set the universal/local bit to zero, you shouldn't collide with any EUI-64
ID based on a genuine Ethernet address. So you can do what you want.

Starting at 1 is probably a bad idea if you want to defeat scanning
attacks.

There is a residual probability (1 in 2^63, without allowing for the
birthday paradox) of colliding with an RFC 4941 privacy address, but
duplicate address detection should take care of that. It should also
take care of any accidental misconfiguration, of course.

Regards
   Brian

On 2011-03-22 10:13, Chad Kissinger wrote:
> This leads to a question that I still have about choosing appropriate Interface IDs... how do you choose a range of Interface IDs that haven't been reserved already (for Stateless Autoconfig, etc.)? 
> 
> As far as I can tell, you only need to unset the 71st and 72nd bits and not use all 0s for the Interface ID... this would translate into choosing an Interface ID that met the following conditions:
> 
> 1.  The second hexadecimal character in the Interface ID should be 0, 4, 8 or c
> 2.  The entire Interface ID shouldn't be all 0s.  
> 
> Is this accurate, or am I missing something? The issue of how to choose an appropriate Interface ID for manual configuration or for a DHCP pool seems to be completely unaddressed in everything I read about IPv6.
> 
> 
> chad kissinger  |  founder-vp  |  onramp access, llc 
> p: 512.322.9200  |  f: 512.476.2878  |  www.onr.com
> your internet operations  |  built  |  deployed  |  managed
> 
> 
> -----Original Message-----
> From: ipv6-ops-bounces+chad=onr.com at lists.cluenet.de [mailto:ipv6-ops-bounces+chad=onr.com at lists.cluenet.de] On Behalf Of Frank Bulk
> Sent: Monday, March 21, 2011 3:56 PM
> To: ipv6-ops at lists.cluenet.de
> Subject: Handing out DNS server from Cisco local pool
> 
> If I want to hand out an IPv6 DNS server via Cisco's local pool for the WAN
> interface, how is that done?
> 
> With IPv4 it's just a:
> interface Virtual-Template1
>  ppp ipcp dns <IP 1> <IP 2>
> 
> With IPv6 it's supposed to run DHCPv6 over the WAN link, and Cisco's "local
> pool" command hands out IPv6 addresses very nicely:
> ipv6 local pool ipv6pool-lns <IPv6>::/56 65
> 
> but there appears to be no way to specify the DNSv6 address(es).
> 
> Frank
> 
> 
> 
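
The interface-ID conditions discussed in this thread, as an added Python example that is not part of the original posts: it draws random IIDs with the universal/local bit set to zero (optionally also the group bit, which gives the 0/4/8/c rule) and classifies existing ones. The function names, the LOW_RANGE threshold and the 2001:db8 sample subnet are assumptions made for the example.

```python
import ipaddress
import secrets

# Bit positions within the 64-bit interface ID (IID). Counted from the left of
# the full 128-bit address these are the 71st and 72nd bits.
U_BIT = 0x02 << 56   # universal/local bit
G_BIT = 0x01 << 56   # individual/group bit
LOW_RANGE = 1 << 16  # assumption: IIDs below this count as easy to sweep


def iid_of(addr):
    """Return the low 64 bits (interface ID) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def check_iid(iid):
    """Classify an IID against the conditions raised in the thread."""
    if iid == 0:
        return "all-zeros"
    if iid & U_BIT:
        return "u-bit-set"        # could match an EUI-64 ID built from a real MAC
    if iid < LOW_RANGE:
        return "low-sequential"   # ::1, ::2, ... is the range a sweep covers first
    return "ok"


def random_iid(clear_group_bit=False):
    """Draw a random IID with the u/l bit zero; optionally clear the g bit too."""
    mask = ~U_BIT & ~(G_BIT if clear_group_bit else 0)
    while True:
        iid = secrets.randbits(64) & mask
        if check_iid(iid) == "ok":
            return iid


def address(prefix, iid):
    """Combine a /64 prefix with an IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


if __name__ == "__main__":
    # 2001:db8::/32 is the documentation prefix; the subnet is constructed.
    for _ in range(3):
        print(address("2001:db8:0:1::/64", random_iid()))
```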

