ipv6 network fail (newbie alert)

Brian E Carpenter brian.e.carpenter at gmail.com
Fri Mar 22 09:24:24 CET 2013


On 22/03/2013 00:18, David Magda wrote:
> On Mar 21, 2013, at 17:12, Noel Butler wrote:
> 
>>> More than that, I think. Assigning static addresses is a clear invitation
>>> to assigning duplicate addresses by a slip of the keyboard. In any case,
>>> you can't prevent unruly hosts performing SLAAC. DAD is unavoidable.
>>>
>>>   Brian
>> Depends on your usage, my only IPv6 usage is on servers, surely you are
>> not going to suggest they get anything other than static.
>> If it's a home network, you may have a valid point.
> 
> Isn't NDP used for IP-to-MAC mapping (RFC 4861, §4.3)? There's also MTU discovery (§4.2, MTU option (§4.6.4)), and neighbor unreachability detection (§7.3).
> 
> One can certainly limit/filter some of the packets accepted, but completely blocking NDP will likely break things.

It will break things. Apart from link-local during a cold start, as Marco
pointed out, what happens (for example) on a server network if you need
to plug in a laptop for some diagnostic purpose?

    Brian

P.S. RFC 6866 touches on this issue. draft-chown-6man-tokenised-ipv6-identifiers
touched on it too, but was not adopted so far.



More information about the ipv6-ops mailing list