On Wed, 22 Sep 2010, Karl Auer wrote:
Hm. Any host can take an address in its subnet - i.e. bypass DHCP. This is as true of IPv6 as it is of IPv4. Any host that does SLAAC is "bypassing" DHCPv6. So something has to watch the DHCP traffic and dynamically permit addresses that have been allocated via DHCP. Is it that step that concerns you? I.e., if hosts are doing SLAAC their DHCP activity doesn't exist, so instead hosts will have to be assigned static addresses and permitted in firewalls etc statically?
If one uses DHCP and have SAVI enabled equipment, then one knows who had what IPv6 address at what time, because the network will filter any traffic coming from addresses not handed out by DHCP and one knows what physical port was allocated the IP address at the time.
So SLAAC is out of the question for these types of applications. M and O flag set.
-- Mikael Abrahamsson email: [email protected] -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
