<div style="font-family:arial,helvetica,sans-serif;font-size:10pt">On Mon, Dec 3, 2012 at 10:29 AM, Andre Tomt <span dir="ltr"><<a href="mailto:andre@tomt.net" target="_blank">andre@tomt.net</a>></span> wrote:<br>
<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Most newer devices do support DHCPv6 addressing* so I don't see too many downsides of giving the managed addresses the full, unfiltered experience, leaving the others only outbound + return traffic. Other than making CPE's support something like it of course.</div>
</blockquote><div><br></div><div>Then filter all addresses with ff:fe in the middle bits?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">* Most devices I've seen not supporting DHCPv6 addressing have so many problems with IPv6 that they dont belong on a public IPv6 network anyway.</blockquote>
<div><br></div><div>DHCPv6 has limitations such as reduced capabilities for host to implement privacy addresses, reduced reliability compared to SLAAC in multihoming scenarios, etc. Whatever you do in the filtering realm, please don't tie it to DHCPv6.</div>
</div></div>