Server addressing for renumbering ease
Mohacsi Janos
mohacsi at niif.hu
Sun Nov 7 21:22:24 CET 2010
On Sat, 6 Nov 2010, Ben Jencks wrote:
> According to [1], they used EUI-64 addressing on their servers so that
> they could renumber easily. The common objection to that is that you
> wouldn't want to change DNS anytime you swapped a NIC (and thus a mac
> address). The obvious alternative is static addressing, but that makes
> renumbering a pain. There's also DDNS, but that seems like a bigger
> headache than either of the above [2]. What are people here doing?
Using autoconfigured addresses on servers are bad idea. If you want to
generate big problems for yourselves, use it on DNS servers....
In 6diss/6deploy training material we are advocating using static
addresses for servers:
http://www.6deploy.eu/tutorials/131_IPv6_deployment%20consideration_v0_8.pdf
>
> Some other options:
> * Solaris lets you configure just the host-part, and it takes the
> network-part from RAs. This seems ideal, but it only works on solaris.
> * Use a configuration management system (puppet, chef, cfengine, etc)
> to assign addresses, so you can do find/replace in one place during
> renumbering. This would require being very careful as you risk
> breaking the connection to the config server itself.
>
> I know it's an old topic, but there doesn't seem to be a lot of
> guidance around. If there's a consensus I can see about making a page
> at getipv6.info.
>
> [1] http://getipv6.info/index.php/Renumbering_an_IPv6_Network
> [2] You can give each server only the ability to update its own name,
> but you have to give them all free reign over the reverse zone. Seems
> like a security nightmare. Alternatively you can do it through DHCP,
> but then you're back to mac-address dependence (client-identifier is
> configurable, therefore not trustworthy).
>
> -Ben
>
More information about the ipv6-ops
mailing list