PTR records for IPv6
Dale W. Carder
dwcarder at wisc.edu
Thu Sep 5 21:52:42 CEST 2013
Thus spake Dan Wing (dwing at cisco.com) on Thu, Sep 05, 2013 at 09:49:12AM -0700:
> > If you're doing SLAAC and create an RA option, then to keep track system,
> > you'd probably have to configure switches and routers to create a (syslog)
> > entry every time a new machine is attached to a port. You need to keep
> > track of this anyway for MAC tables, so perhaps some (togglable) code
> > could be added to make a note of new and changed entries. You send that to
> > a central logging host (which is generally best practice) for auditing
> > purposes.
> Yes, that is all current best practice and what most equipment already does. The tooling to analyze that data remains painful (manually grepping the files is error prone and tiresome, but because many tools insist on one [or maybe two] addresses per host, grepping is the only robust option for many. Or they just disable privacy addresses on their network to skirt the problem.)
We just log to an sql db. If that row already exists just update the
timestamp on the entry, otherwise create a new row. This is a lot more
flexible than grep.
Many switches can send mac address change notification traps. As far as
I know there is not an equivalent for the v6 neighbor table, so we must
resort to polling.
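A minimal version of the poll-and-upsert approach described above, written as an added example rather than the poster's own tooling: it parses constructed `ip -6 neighbor show` output, keeps one SQLite row per (address, MAC, interface) with first_seen/last_seen timestamps, and answers the audit question "which addresses has this MAC used". The table name and column layout are assumptions.

```python
import sqlite3

# Constructed sample of `ip -6 neighbor show` output (not a real capture).
SAMPLE_NEIGHBORS = """\
2001:db8:1::a1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:1:0:2c4f:1a9e:77b0:1f2a dev eth0 lladdr 00:11:22:33:44:55 STALE
2001:db8:1::b2 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
2001:db8:1::c3 dev eth0 FAILED
"""

def open_db(path=":memory:"):
    """Open (or create) the log database; one row per (address, mac, interface)."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS ndp_log (
        address TEXT NOT NULL, mac TEXT NOT NULL, interface TEXT NOT NULL,
        first_seen TEXT NOT NULL, last_seen TEXT NOT NULL,
        PRIMARY KEY (address, mac, interface))""")
    return conn

def parse_neighbors(text):
    """Yield (address, interface, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        f = line.split()
        if "lladdr" not in f:
            continue  # INCOMPLETE/FAILED entries have no MAC worth recording
        yield f[0], f[f.index("dev") + 1], f[f.index("lladdr") + 1].lower()

def record_poll(conn, text, now):
    """One poll: bump last_seen on rows that already exist, insert a row for anything new."""
    for addr, ifname, mac in parse_neighbors(text):
        cur = conn.execute(
            "UPDATE ndp_log SET last_seen=? WHERE address=? AND mac=? AND interface=?",
            (now, addr, mac, ifname))
        if cur.rowcount == 0:  # no existing row matched, so this pairing is new
            conn.execute("INSERT INTO ndp_log VALUES (?, ?, ?, ?, ?)",
                         (addr, mac, ifname, now, now))
    conn.commit()

def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM ndp_log").fetchone()[0]

def addresses_for_mac(conn, mac):
    """Audit query: every address a MAC has used, with first/last seen timestamps."""
    return conn.execute(
        "SELECT address, first_seen, last_seen FROM ndp_log WHERE mac=? ORDER BY address",
        (mac.lower(),)).fetchall()
```

Run `record_poll` from cron or a loop with the live neighbor table as input; the same MAC appearing with many privacy addresses yields one row per address instead of being lost to a one-address-per-host assumption.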