multiple prefixes

Tore Anderson tore at fud.no
Sat Feb 9 20:52:22 CET 2013


* David Magda

> Is anyone doing two or more prefixes per VLAN? Specifically I'm
> toying with the idea of having a provider dependent (PD) prefix which
> uses the privacy options (RFC 3041/4941) for external surfing, and a
> ULA-based prefix for internal traffic (using EUI for better
> logging).

Use of multiple prefixes on a LAN is an essential part of IPv6. If you
look closely, you'll see that you always have an address within
fe80::/64 on all interfaces, in addition to whatever else you've
configured your network with.

> From what I could find, there aren't any RA options to specify
> whether privacy options should be used on a per prefix basis. You'd
> have to use DHCPv6, with IA_TA for privacy-desired prefixes, and
> IA_NA for the ULA prefixes. (Of course ISC DHCPd doesn't support
> sending out multiple prefixes as of the current 4.2.x series.)

The DHCPv6 protocol itself does not have support for handing out prefixes.
It can only hand out individual addresses (in other words /128s). If you
want your hosts to have routes to an on-link prefix, the only way to do
it is to advertise that prefix in RAs with the L flag set.

> Has anyone done this, or considered doing it? Pros/cons?

Not all DHCPv6 clients request IA_TA by default. The way
Linux/NetworkManager invokes ISC dhclient won't, at least. Looking at
its manual page at http://linux.die.net/man/8/dhclient, it seems IA_NA
vs IA_TA is either/or, and since the RA's M flag doesn't give any hints
as to which one should be requested, it only ends up doing a "normal"
IA_NA query.

--
Tore Anderson
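
Added example, not part of the original message: a small Python decoder for a Router Advertisement carrying two Prefix Information options, showing the per-prefix L (on-link) and A (autonomous) flags next to the RA-wide M flag mentioned in the thread. The packet bytes, both prefixes and the helper names are constructed for illustration; the checksum is left at zero because nothing is sent on the wire.

```python
import ipaddress
import struct

RA_TYPE, PIO_TYPE = 134, 3   # ICMPv6 Router Advertisement, Prefix Information option

def build_pio(prefix, on_link, autonomous, valid=86400, preferred=14400):
    """Encode one 32-byte Prefix Information option (RFC 4861, section 4.6.2)."""
    net = ipaddress.IPv6Network(prefix)
    flags = (0x80 if on_link else 0) | (0x40 if autonomous else 0)
    return struct.pack("!BBBBIII16s", PIO_TYPE, 4, net.prefixlen, flags,
                       valid, preferred, 0, net.network_address.packed)

def build_ra(managed, other, options):
    """Encode a sample RA; the checksum is left at 0 because nothing is sent."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0) + b"".join(options)

def parse_ra(data):
    """Return the RA-wide M/O flags and the L/A flags of every advertised prefix."""
    if len(data) < 16 or data[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(data[5] & 0x80), "O": bool(data[5] & 0x40), "prefixes": []}
    off = 16
    while off + 2 <= len(data):
        opt_type, opt_len = data[off], data[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(data):
            raise ValueError("malformed option at offset %d" % off)
        if opt_type == PIO_TYPE and opt_len == 32:
            flags = data[off + 3]
            net = ipaddress.IPv6Network((data[off + 16:off + 32], data[off + 2]), strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "L": bool(flags & 0x80),   # hosts install an on-link route
                                   "A": bool(flags & 0x40)})  # hosts may form SLAAC addresses
        off += opt_len
    return ra

# Constructed sample: one documentation prefix and one ULA prefix on the same link.
SAMPLE_RA = build_ra(managed=False, other=False, options=[
    build_pio("2001:db8:1::/64", on_link=True, autonomous=True),
    build_pio("fd12:3456:789a:1::/64", on_link=True, autonomous=True),
])

if __name__ == "__main__":
    for p in parse_ra(SAMPLE_RA)["prefixes"]:
        print(p)
```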

