<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Dec 30, 2013 at 2:31 PM, Phil Mayers <span dir="ltr"><<a href="mailto:p.mayers@imperial.ac.uk" target="_blank">p.mayers@imperial.ac.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im"><span style="color:rgb(34,34,34)">One problem we have with this setup: If two devices are on a port, in different IPv6-enabled VLANs, they both see both RAs, and IPv6 connectivity breaks.</span></div>
</blockquote><div><br></div><div><rant issue="That's a terrible architecture" reply="Shove it."></div><div>How are these "different VLANs" if broadcast/multicast packets can pass from one to the other?<br>
</div><div><br></div><div>Also, it's not secure if all clients get all the RAs for all the VLANs, and (in theory at least) can thus just pick the one that works. The objective is to deny Internet connectivity to certain clients, right?</div>
<div></rant><br></div><div><br></div><div>And with that out of the way - are you sure the problem is the default route and not the source address? If the switch maps received traffic to a "VLAN" based on source MAC, then it will receive all hosts's packets, so outbound from the hosts should be fine. The problem is that some of the outbound packets will have the source address from the wrong "VLAN", and thus the replies will go to the wrong place. If that's the case, then you don't need to do routing in DHCPv6 for this to work - if you want to solve this using DHCPv6, you can do that by using DHCPv6 to configure addressing, not routing (which you can already do today). Routing is already fine.</div>
<div><br></div><div><div>Also, mostly for my own curiosity - what will you'll do when everything is available over IPv6? Will you disable IPv6 to maintain security, or will you stick to restricting IPv4 traffic even though it doesn't really do anything useful any more because everything is available over IPv6?</div>
</div><div><br></div><div>Cheers,</div><div>Lorenzo</div></div></div></div>