On Thu, Oct 11, 2012 at 6:08 PM, Nick Hilliard <span dir="ltr">&lt;<a href="mailto:nick@foobar.org" target="_blank">nick@foobar.org</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">Providers will hand out single /128s because that is easy to do.</div></blockquote><div><br></div><div>Actually, it's not easy to do.</div><div><br></div><div>You have to install and maintain a stateful DHCPv6 server and disable SLAAC, and you have to accept that your users will not be able to use privacy addresses (since those require SLAAC). Further, if you want it to be secure, you have to make your first-hop switches ensure that a given MAC address can only use one IPv6 address.</div>
<div><br></div><div>This is all possible (though probably not with today's feature sets), but it's not very pretty. It's much easier to segment at layer 2 and put each user into a separate VLAN with a separate /64. That way there's no need to implement stateful DHCPv6, because you can just rely on SLAAC for addressing, and you don't need your devices to perform complex layer2/3 interactions like ARP snooping, DHCPv6 snooping, forced forwarding, etc.</div>
<div><br></div><div>So from an engineering point of view, handing out /128s is a much worse solution. However, if the provider takes the point of view that "every device connecting to the network that hasn't paid a subscription is lost revenue", then there is a perceived incentive to use it.</div>
</div>
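<div><br></div><div>The per-MAC address limit mentioned in the message above, written as an audit check. This is an added example, not part of the original message: it reads neighbor-table lines in the format printed by "ip -6 neigh show" and reports every MAC bound to more than one non-link-local IPv6 address. The sample table, the limit parameter and the decision to ignore link-local addresses are assumptions.</div>

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format printed by `ip -6 neigh show` (iproute2).
# The second MAC holds a fixed address plus a random-looking one, as a host
# using SLAAC privacy addresses would.
SAMPLE_NEIGH = """\
2001:db8:0:1::10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
fe80::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 STALE
2001:db8:0:1::20 dev eth0 lladdr 66:77:88:99:AA:BB REACHABLE
2001:db8:0:1:d5c:91ff:3a02:7e41 dev eth0 lladdr 66:77:88:99:aa:bb STALE
fe80::6477:88ff:fe99:aabb dev eth0 lladdr 66:77:88:99:aa:bb router REACHABLE
2001:db8:0:1::30 dev eth0  FAILED
"""


def bindings(neigh_text):
    """Map each MAC to the set of non-link-local IPv6 addresses seen for it."""
    table = defaultdict(set)
    for line in neigh_text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        try:
            addr = ipaddress.IPv6Address(fields[0])
            mac = fields[fields.index("lladdr") + 1].lower()
        except (ValueError, IndexError):
            continue  # not an IPv6 neighbor line
        # Assumption: every host also owns a link-local address, so only
        # routable addresses count against the limit.
        if addr.is_link_local or addr.is_multicast:
            continue
        table[mac].add(addr)
    return table


def violations(neigh_text, limit=1):
    """Return {mac: [addresses]} for MACs holding more than `limit` addresses."""
    return {
        mac: [str(a) for a in sorted(addrs)]
        for mac, addrs in bindings(neigh_text).items()
        if len(addrs) > limit
    }


if __name__ == "__main__":
    for mac, addrs in violations(SAMPLE_NEIGH).items():
        print(f"{mac} holds {len(addrs)} addresses: {', '.join(addrs)}")
```

<div>On a segment where hosts use SLAAC with privacy addresses, this check reports nearly every host, which is the conflict the message describes.</div>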