On Wed, 2010-09-22 at 07:01 -0400, Randy Bush wrote:
> >> also, do not underestimate the co$t of the operational change to move
> >> from dhcp4 to nd/ra. folk who want to keep dns and ip audit may have to
> >> go static without dhcp6. another non-trivial barrier to ipv6 deployment.
> >
> > Randy, could you elaborate please? Not sure I see what you are getting
> > at. Do you mean that if people do not use DHCPv6, they will have a
> > problem tracking which IP addresses are in use?
>
> for audit purposes, one wants to know which host did the dirty on
> wednesday at 17:23. most large enterprises base firewall rules on ip
> address. blah blah blah.

Hm. Any host can take an address in its subnet - i.e. bypass DHCP. This is as true of IPv6 as it is of IPv4. Any host that does SLAAC is "bypassing" DHCPv6.

So something has to watch the DHCP traffic and dynamically permit addresses that have been allocated via DHCP. Is it that step that concerns you? I.e., if hosts are doing SLAAC their DHCP activity doesn't exist, so instead hosts will have to be assigned static addresses and permitted in firewalls etc statically?

I don't want to set up a straw man here; I'm genuinely interested, but having trouble joining the dots from your two messages.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([email protected])                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
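
Added example, not part of the original message or of any poster's setup: a sketch of the audit question raised in the thread ("which host had this address on Wednesday at 17:23") when some hosts use SLAAC and so leave no DHCP lease record. It assumes a hypothetical log of (time, address, MAC) sightings, such as a neighbour-cache poller might record; all names and data are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample data (documentation prefix 2001:db8::/32, made-up MACs).
# LEASES: what a DHCPv6 server logged. SIGHTINGS: (time, address, MAC) rows as
# a neighbour-cache poller or ND monitor might record them (assumed format).
LEASES = [
    ("2001:db8:0:1::100", "00:00:5e:00:53:0a", "2010-09-22 09:00", "2010-09-22 21:00"),
]
SIGHTINGS = [
    ("2010-09-22 17:20", "2001:db8:0:1::100", "00:00:5e:00:53:0a"),
    ("2010-09-22 17:21", "2001:DB8:0:1:200:5eff:fe00:530b", "00:00:5e:00:53:0b"),  # SLAAC
    ("2010-09-22 17:25", "2001:db8:0:1:0:0:0:100", "00:00:5e:00:53:0a"),
    ("2010-09-22 23:10", "2001:db8:0:1::100", "00:00:5e:00:53:0c"),  # after lease end
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def leased(addr, mac, when, leases=LEASES):
    """True if a DHCP lease covers this address/MAC pair at this time."""
    return any(ip_address(a) == addr and m == mac and ts(s) <= when <= ts(e)
               for a, m, s, e in leases)

def who_had(address, when, sightings=SIGHTINGS, window=timedelta(minutes=10)):
    """MAC seen using `address` closest to `when`, or None if none within window."""
    # Compare parsed addresses, not strings: IPv6 text forms vary in case and zeros.
    addr, when = ip_address(address), ts(when)
    near = [(abs(ts(t) - when), m) for t, a, m in sightings
            if ip_address(a) == addr and abs(ts(t) - when) <= window]
    return min(near)[1] if near else None

def unleased(sightings=SIGHTINGS):
    """Address/MAC pairs seen on the wire that no DHCP lease accounts for."""
    found = set()
    for t, a, m in sightings:
        addr = ip_address(a)
        if not leased(addr, m, ts(t)):
            found.add((str(addr), m))
    return sorted(found)

if __name__ == "__main__":
    print(who_had("2001:db8:0:1::100", "2010-09-22 17:23"))
    print(unleased())
```

The pairs returned by `unleased()` are the ones a DHCP-only audit trail would miss: the SLAAC address, and the leased address reused by a different MAC after the lease ended.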
