macos Sierra with CGA address?

Fernando Gont fernando at
Wed Dec 14 23:44:05 CET 2016

On 12/14/2016 08:40 AM, Jeroen Massar wrote:
> On 2016-12-14 12:25, Holger Zuleger wrote:
>> Hi Jeroen,
>>>> I found two or three posts in the internet, all mentioning (or hoping)
>>>> that this is related to a change to RFC7217 as default IID mechanism.
>>>> But one guy sad, that the source code (of 10.11) shows, that this is a
>>>> cryptographic generated interface identifier for SeND (RFC3971).
>>>> I tend to believe that the latter is true.
>>> Seeing how Apple implemented things like "Happy Eyeballs" it likely is
>>> neither. And in the case of "Happy Eyeballs" there is no way to turn it
>>> off either. Filing radar bugs clearly does not help as they never get
>>> addressed or marked as 'dupe' at which point you do not know the status
>>> of the 'original' problem and well, nothing happens...
>>>> Has anyone more information about this? Especially how to configure it?
>>> The only trick I found out was:
>>> 8<-------
>>> Also who has typed: "sudo sysctl -w net.inet6.ip6.maxifprefixes=1" (or
>>> stored the setting in /etc/sysctl.conf) recently? ;)
>>> --------->8
>> To be honest, that's definitively is not the way I like to go.
>>> As then you only get the DHCPd address (requires DHCPv6 server....) on
>>> your interface and not all the other magic ones that change all the time
>>> and are extremely useless if you want to ADDRESS a host...
>>> (yes, I love VNC'ing, SSH'ing and doing SSH-backups of my boxes...)
>> Oh no, DHCPv6 is not needed here.
> Until Sierra, I didn't have any DHCPv6 either... but now I do because I
> really love my static and known addresses. People know I have a Mac
> anyway, thus what info am I losing there?
>> The problem is *not* that this IID is changing. It is a stable one. And
>> yes, I vote not against temporary addresses.
> Actually, it is not a stable address as some have found out (read:
> anecdotal), they also change at re-install and there are a couple of
> other possibilities from what I recall.

One might argue that a reinstall results in a conceptualy different
system. The fact that the underlying hardware is tha same is anecdotical.

Fernando Gont
e-mail: fernando at || fgont at
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

More information about the ipv6-ops mailing list