Why used DHCPv6 when RA has RDNSS and DNSSL?
Fernando Gont
fernando at gont.com.ar
Thu Apr 2 10:24:34 CEST 2020
On 2/4/20 03:19, Gert Doering wrote:
> Hi,
>
> On Thu, Apr 02, 2020 at 12:09:34AM -0300, Fernando Gont wrote:
>> On 1/4/20 14:16, Gert Doering wrote:
>> [...]
>>> Even IETF discontinued recommending DHCPv6-PD for "inside a home network",
>>> because it doesn't work.
>>
>> Would you mind elaborating on this one?
>
> Which of the two parts? :-)
>
> As far as I understand, the official IETF recommendation for "how to
> run a home with multiple subnets" is "homenet / HNCP" now, which distributes
> individual /64s via HNCP, not whole prefixes via DHCPv6-PD.

I haven't been following homenet, to be honest. Is it widely implemented?

> The reason why I state "DHCPv6 doesn't work" is "in practice". There is
> a practical lack of interest from vendors to make it work properly (as in,
> you can properly tie the delegated prefix(es) to ACLs, for example).
>
> On the "why is this a bad idea to start with" side, the chunkiness of
> subnet distribution makes it really unsuitable for anything but the most
> simple 1-level hierarchy.
>
>
> So, ISP-to-customer, delegates a /56. Next-level router asks for a prefix,
> and gets... what? Third-level router asks for a prefix, and gets what?

I guess a % of what was originally leased?

In any case, I'm not sure one would do much more than 2 or three
hierarchies of DHCPv6-PD.

And when it comes to the home, if the CPE could do PD on the LAN side,
most current needs would be covered.

Clearly, without a requirement of how many levels you want to support,
it's impossible to tell how you might want to partition your address space.

And the desire to delegate prefixes is also a bit at odds with the
strict definition of /64 subnets which end up using a huge address space
with a very low host density.

> Corporate ISP-to-customer delegates a /48, so theoretically, there are
> "enough /56s in there to do lots of PD delegation to next-level routers" -
> but in practice, a /48 is supposed to be sufficient for a good-sized
> office building with *lots* of internal structure, and as soon as you
> have lots of internal network segments, you have no liberty to just give
> out random /56s here and there anymore.

But, in that case, I'm not sure you'd want *dynamic* leases.

> Now, abandon the idea of "multi-level" DHCPv6-PD, and just assume "all
> you'll ever see is mobile clients asking for a single /64" (which, as
> I heard, is thinking too small, because you can have stacks of stacks,
> but stick to the /64 for the moment). Normally, you'd assign a /64 per
> network segment - office LAN floor 1, 2, 3, guest LAN, etc. - and have
> (effectively) an infinite number of addresses for more machines than
> you can ever connect.

Just curious: what would be the use case of /64 per host (besides trying
to limit number of entries in the NC, etc.)?

Thanks,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
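
Added example, not part of the original message: a small Python model of the multi-level DHCPv6-PD question raised above ("ISP delegates a /56, next-level router gets... what?"). It assumes a constructed policy in which every router keeps the first sub-block for its own links and delegates sub-prefixes `step_bits` longer than its own; `split`, `walk` and the 2001:db8::/32 documentation prefixes are illustrative names and values, not taken from any DHCPv6 implementation.

```python
import ipaddress

LINK_LEN = 64  # subnets are /64, so nothing longer can be delegated


def split(prefix, child_len):
    """Carve `prefix` into /child_len blocks. Assumed policy: the first block
    stays with the router (its first /64 numbers the LAN), the rest are
    available for delegation to downstream routers."""
    if not prefix.prefixlen < child_len <= LINK_LEN:
        raise ValueError(f"cannot delegate a /{child_len} out of {prefix}")
    blocks = list(prefix.subnets(new_prefix=child_len))
    own_link = next(blocks[0].subnets(new_prefix=LINK_LEN))
    return own_link, blocks[1:]


def walk(root, step_bits):
    """Follow one chain of routers downward from the delegated `root`.
    Returns one row per router:
    (level, prefix held, own /64, number of prefixes it can delegate)."""
    held = ipaddress.ip_network(root)
    rows, level = [], 1
    while True:
        child_len = held.prefixlen + step_bits
        if child_len > LINK_LEN:
            # Leaf router: it can number its own link but delegate nothing.
            own = next(held.subnets(new_prefix=LINK_LEN))
            rows.append((level, held, own, 0))
            return rows
        own, delegable = split(held, child_len)
        rows.append((level, held, own, len(delegable)))
        held, level = delegable[0], level + 1


if __name__ == "__main__":
    # Constructed inputs: a home /56 and a corporate /48, nibble-sized steps.
    for root in ("2001:db8::/56", "2001:db8::/48"):
        print(f"root {root}, 4-bit steps")
        for level, held, own, n in walk(root, 4):
            print(f"  level {level}: holds {held}, LAN {own}, can delegate {n}")
```

With nibble-sized steps a /56 runs out at the third router in the chain, and each router can serve at most 15 downstream routers.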