extending at the edge
lorenzo at google.com
Thu Oct 11 11:18:03 CEST 2012
On Thu, Oct 11, 2012 at 6:08 PM, Nick Hilliard <nick at foobar.org> wrote:

> Providers will hand out single /128s because that is easy to do.

Actually, it's not easy to do.

You have to install and maintain a stateful DHCPv6 server and disable
SLAAC, and you have to accept that your users will not be able to use
privacy addresses (since those require SLAAC). Further, if you want it to
be secure, you have to make your first-hop switches ensure that a given MAC
address can only use one IPv6 address.

This is all possible (though probably not with today's feature sets), but
it's not very pretty. It's much easier to segment at layer 2 and put each
user into a separate VLAN with a separate /64. That way there's no need to
implement stateful DHCPv6, because you can just rely on SLAAC for
addressing, and you don't need your devices to perform complex layer2/3
interactions like ARP snooping, DHCPv6 snooping, forced forwarding, etc.

So from an engineering point of view, handing out /128s is a much worse
solution. However, if the provider takes the point of view that "every
device connecting to the network that hasn't paid a subscription is lost
revenue", then there is a perceived incentive to use it.
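The per-user VLAN and /64 design described in the message above, as an added example that is not part of the original post: it carves one /64 per subscriber VLAN, renders a SLAAC router-advertisement stanza for it, and shows that any source address, privacy addresses included, is attributable to a subscriber by prefix alone. The pool `2001:db8:100::/48`, VLAN numbering from 100, the parent interface `eth0` and the choice of radvd as the RA daemon are assumptions.

```python
import ipaddress

# Assumed values for illustration (documentation prefix, arbitrary VLAN base).
POOL = ipaddress.IPv6Network("2001:db8:100::/48")
FIRST_VLAN, LAST_VLAN = 100, 4094


def prefix_for_vlan(vlan_id):
    """Return the /64 dedicated to one subscriber VLAN."""
    if not FIRST_VLAN <= vlan_id <= LAST_VLAN:
        raise ValueError(f"VLAN {vlan_id} is outside the subscriber range")
    index = vlan_id - FIRST_VLAN
    base = int(POOL.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


def vlan_for_address(addr):
    """Attribute a source address to its subscriber VLAN, or None.

    Only the upper 64 bits matter, so SLAAC privacy addresses and
    several devices behind one subscriber all map to the same VLAN
    without any per-MAC or per-address state on the first-hop switch.
    """
    ip = ipaddress.IPv6Address(addr)
    if ip not in POOL:
        return None
    vlan_id = FIRST_VLAN + ((int(ip) - int(POOL.network_address)) >> 64)
    return vlan_id if vlan_id <= LAST_VLAN else None


def ra_stanza(vlan_id, parent="eth0"):
    """Render a radvd stanza that advertises the VLAN's /64 for SLAAC."""
    prefix = prefix_for_vlan(vlan_id)
    return (
        f"interface {parent}.{vlan_id} {{\n"
        "    AdvSendAdvert on;\n"
        "    AdvManagedFlag off;  # no stateful DHCPv6\n"
        f"    prefix {prefix} {{\n"
        "        AdvOnLink on;\n"
        "        AdvAutonomous on;  # hosts form their own addresses\n"
        "    };\n"
        "};\n"
    )


if __name__ == "__main__":
    print(ra_stanza(105))
    # Constructed sample addresses: two privacy-style IIDs in one /64.
    for a in ("2001:db8:100:5:a1b2:c3d4:e5f6:1234", "2001:db8:100:5:9f:77aa:1:2"):
        print(a, "-> VLAN", vlan_for_address(a))
```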