Hi, > It's also worth noting that the old presumption that MAC-based > interface identifiers are normal and anything else is strange is > obsolete. See http://tools.ietf.org/html/draft-ietf-6man-ug-06 > which is approved in the RFC queue already and > http://tools.ietf.org/html/draft-ietf-6man-default-iids-00 > for a possible future recommendation. > For environments where the IPv4 address management is based on MACs the transistion to IPv6 might be done easier if MACs still can be used.
> These documents are mainly written with SLAAC in mind rather > than DHCPv6, but I don't think that changes the principles. > Personally I would avoid "sequential range like fd00::1, fd00::2" > because it exposes you to easy scanning attacks. Random seems > best except for servers. > For internal addresses I would prefer anything not-random. If there is a situation when one has to debug through larger amounts of IPv6 addresses a bunch of random addresses will likely cause more confusion. External client addresses should be random. Regards Henri -- Henri Wahl IT Department Leibniz-Institut für Festkörper- u. Werkstoffforschung Dresden tel. (03 51) 46 59 - 797 email: [email protected] http://www.ifw-dresden.de IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle
smime.p7s
Description: S/MIME Cryptographic Signature
