Question on DHCPv6 address assignment

Brian E Carpenter brian.e.carpenter at
Sat Feb 1 23:44:30 CET 2014

It's also worth noting that the old presumption that MAC-based
interface identifiers are normal and anything else is strange is
obsolete. See
which is approved in the RFC queue already and
for a possible future recommendation.

These documents are mainly written with SLAAC in mind rather
than DHCPv6, but I don't think that changes the principles.
Personally I would avoid "sequential range like fd00::1, fd00::2"
because it exposes you to easy scanning attacks. Random seems
best except for servers.

   Brian Carpenter

On 02/02/2014 09:18, Henri Wahl wrote:
> Hi,
>> 1) What's the pattern with which addresses are generated/assigned? Are
>> they sequential (fc00::1, fc00::2, etc.)?  Random? Something else?
> We use our dhcpy6d ( which allows 4
> different address categories:
> - sequential range like fd00::1, fd00::2
> - completely random /64 like with privacy extensions:
> fd00::3d2a:563f:76f1:d94f
> - plain MAC address like fd00::2034:d4f1:439a
> - some arbitrary id number given in client configuration like fd00::1,
> fd00::3421
> See for
> details.
> This way one can hand out for example 2 addresses to clients, one random
> privacy-aware global and one range or MAC-based for internal use. The
> bad news is that only Windows 7+ is capable of handling more than one
> address given by DHCPv6 out of the box. Linux has to be tweaked not to
> use Network-Manager and MacOS fails completely - maybe would work with
> some dhclient or dibbler-client.
>> 2) What about their stability? Is there any intent/mechanism for them to
>> be as "stable" as possible? Or is it usual for hosts to get a new
>> address for each lease?
> MAC and ID based addresses are of course stable, the range based ones
> intend to be too and the random ones are regenerated whenever a lease
> expired.
> Best regards
> Henri

More information about the ipv6-ops mailing list