DHCPv6 accounting
Eric Vyncke (evyncke)
evyncke at cisco.com
Wed May 22 08:35:43 CEST 2013
Indeed, the NDP cache is mostly the only way to get the MAC/IPv6 mapping... because even if DHCP is mandated and SLAAC disabled, nothing prevent a bad guy to use static configuration of his/her IPv6 address (actually you could use SAVI switch to enforce DHCP addresses for global addresses but not for link-local).
...with some further comments, some SAVI switches can also log (in our case over syslog) all newly discovered mappings, the NDP cache can be browsed by SNMP requests, and I still wonder about those IETF drafts where DHCP is used to signal a change in the NDP cache (which does not seem related to the meaning and purpose of DHCP).
-éric
> -----Original Message-----
> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-ops-
> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Erik Kline
> Sent: mercredi 22 mai 2013 08:18
> To: Tim Chown
> Cc: ipv6-ops at lists.cluenet.de; Phil Mayers
> Subject: Re: DHCPv6 accounting
>
> > I also recall there's a personal IETF draft suggesting use of DHCP for a
> router to report addresses seen via ND on a link.
>
> there were two at the same time, I seem to recall, one of which was:
>
> http://tools.ietf.org/html/draft-asati-dhc-ipv6-autoconfig-address-
> tracking-00
More information about the ipv6-ops
mailing list