Question on DHCPv6 address assignment
Henri Wahl
h.wahl at ifw-dresden.de
Sun Feb 2 10:36:19 CET 2014
Hi,
> It's also worth noting that the old presumption that MAC-based
> interface identifiers are normal and anything else is strange is
> obsolete. See http://tools.ietf.org/html/draft-ietf-6man-ug-06
> which is approved in the RFC queue already and
> http://tools.ietf.org/html/draft-ietf-6man-default-iids-00
> for a possible future recommendation.
>
For environments where the IPv4 address management is based on MACs the
transistion to IPv6 might be done easier if MACs still can be used.
> These documents are mainly written with SLAAC in mind rather
> than DHCPv6, but I don't think that changes the principles.
> Personally I would avoid "sequential range like fd00::1, fd00::2"
> because it exposes you to easy scanning attacks. Random seems
> best except for servers.
>
For internal addresses I would prefer anything not-random. If there is a
situation when one has to debug through larger amounts of IPv6 addresses
a bunch of random addresses will likely cause more confusion.
External client addresses should be random.
Regards
Henri
--
Henri Wahl
IT Department
Leibniz-Institut für Festkörper- u.
Werkstoffforschung Dresden
tel. (03 51) 46 59 - 797
email: h.wahl at ifw-dresden.de
http://www.ifw-dresden.de
IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden
VR Dresden Nr. 1369
Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4719 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20140202/534db942/attachment.bin
More information about the ipv6-ops
mailing list