multiple prefixes

[Phil Mayers]

On 11/02/13 14:26, Tim Chown wrote:

>> I believe I would just use privacy/temporary addresses by default, and
>> pull MAC<->L3 mappings off the switches/routers for the purposes of
>> auditing.  That way you're more likely to notice when someone changes
>> IP addresses (IPv6 or otherwise).
>
> This is I think what most campus enterprises are doing. It's certainly
> exactly what we do here.

+1. We have a home-grown solution for this dating back years, based on 
Postgres, so it's IP version-agnostic.

The only thing to note is that we saw disk-space for the SQL database 
grow by a large factor as we rolled out IPv6, due to the "fast" churn of 
IPv6 addresses. Not a huge problem given the cost of disk these days, 
but worth keeping an eye on.

Personally I think caring about client choice of address in "normal" LAN 
networks is not time well-spent, but it's something reasonable people 
can disagree on.