Why used DHCPv6 when RA has RDNSS and DNSSL?
Philip Homburg
pch-clue6ops-2 at u-1.phicoh.com
Thu Apr 2 10:44:04 CEST 2020
>So you need to somehow build a prefix distribution mechanism, so people
>can have an arbitrary number of PD prefixes in "wherever network they
>happen to be". So we're back to multi-level PD, with all the challenges
>(firewall rules, ACLs, internal routing, ...). And even then, a /48
>might no longer be sufficient for a company with, say, 500 internal
>network segments and 40.000 employees - where it would be extremely
>spacious otherwise.

Independent of the prefix distribution mechanism, it may be worth revisiting
having a single /48 for an organisation of 40000 employees.

There needs to be a way to shield network complexity within a host from the
rest of the network. If we don't then limits on what routers can track (ND)
can become a limit in what we can do on a host. Even now people are already
worried about the number of 'privacy addresses'.

So having an address policy that would support a /64 per host makes sense to
me.

If we assume that hosts have no further structure (i.e., this just requests
one or a few /64s) then managing prefixes allocated to hosts is very similar
to managing individual addresses. So there is no reason why PD would not work
for that.

Of course, in a network of routers, PD makes less sense. However in this case,
when the network is actually managed, routers get prefixes from some
addressing plan, not from an automated mechanism.

That leaves homenet as the most complex dynamic case: potentially multiple
layers of routers that should configure automatically. However, in the homenet
case, the network is typically small enough that keeping track of individual
/64s is possible. So PD where each request is a /64 could very well work.

(I'm not trying to express an opinion on HNCP here)