Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-30 Thread Fernando Gont

Hi, Brian,

On 31/3/20 00:29, Brian E Carpenter wrote:
> It seems that the router must be setting both the A bit (use SLAAC) and the M bit (use DHCPv6).

FWIW, my Sagemcom router provided by my ISP does the same (set both A 
in PIOs, and M (and O :-) ) in the RA). Ubuntu reacts as described by 
the OP.




> So the host is obeying both. There's no real harm in it, in most circumstances.

Not sure I would classify it as "harm", but:
my Ubuntu box does rfc7217+rfc4941. But since the M bit is set, it 
configures a DHCPv6-leased address... with a predictable IID (apparently 
the CPE has a pool that starts at ::1000, and leases 
addresses incrementally).


Certainly, that's not nice.

Besides, if folks are concerned about the number of addresses in use (as 
some did in recent 6man discussions), one would say this is a 
low-hanging fruit: an address that is configured, and will *never* be used.





> Fixing the ambiguity about what hosts should do about this has often been 
> discussed in the IETF but there's never really been evidence that it's worth 
> doing.

FWIW, for me, even if it was just for the sake of "clarity", that would be 
worth doing.


Thanks!

Cheers,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
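
The predictable-IID point made in this message, as an added example that is not part of the thread: a small audit that classifies the interface identifier of each address in the `ifconfig` output quoted in the original post. The function names and the 16-bit "low-value" threshold are assumptions, and a /64 prefix is assumed throughout.

```python
import ipaddress
import re

# ifconfig lines quoted in the thread (macOS output from the original post)
IFCONFIG = """\
inet6 fe80::1cad:944f:df4a:d123%en0 prefixlen 64 secured scopeid 0x7
inet6 2001:123:44:55:1a:f346:1bef:b88a prefixlen 64 autoconf secured
inet6 2001:123:44:55:20ac:49d2:68c5:595b prefixlen 64 autoconf temporary
inet6 2001:123:44:55::101 prefixlen 64 dynamic
"""
LINE = re.compile(r"inet6 ([0-9a-fA-F:]+)(?:%\S+)? prefixlen \d+ ?(.*)")

def iid_of(addr):
    """Lower 64 bits of the address (assumes a /64 prefix)."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)

def classify_iid(addr):
    iid = iid_of(addr)
    if iid < (1 << 16):                  # e.g. ::101 or a pool starting at ::1000
        return "low-value"
    if (iid >> 24) & 0xFFFF == 0xFFFE:   # ff:fe in the middle: MAC-derived EUI-64
        return "eui64"
    return "opaque"                      # consistent with RFC 7217 / RFC 4941

def audit(ifconfig_text):
    """Return (address, ifconfig flags, IID class) for every inet6 line."""
    rows = []
    for m in LINE.finditer(ifconfig_text):
        rows.append((m.group(1), m.group(2).split(), classify_iid(m.group(1))))
    return rows

def predictable(rows):
    """Non-link-local addresses whose IID is not opaque."""
    return [a for a, _, c in rows
            if c != "opaque" and not ipaddress.IPv6Address(a).is_link_local]

def sequential(addrs):
    """True if the IIDs form a run of consecutive values (incremental leases)."""
    iids = sorted(iid_of(a) for a in addrs)
    return len(iids) > 1 and all(b - a == 1 for a, b in zip(iids, iids[1:]))

if __name__ == "__main__":
    for row in audit(IFCONFIG):
        print(row)
```

On the quoted output only the DHCPv6-leased (`dynamic`) address is reported by `predictable()`; both autoconf addresses classify as opaque.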





Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-30 Thread Brian E Carpenter
It seems that the router must be setting both the A bit (use SLAAC) and the M 
bit (use DHCPv6). So the host is obeying both. There's no real harm in it, in 
most circumstances.

Fixing the ambiguity about what hosts should do about this has often been 
discussed in the IETF but there's never really been evidence that it's worth 
doing.

Regards
   Brian Carpenter

On 31-Mar-20 13:30, Roger Wiklund wrote:
> Hi
> 
> I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed 
> that besides the IP from DHCPv6 (dynamic) it's also generating two other 
> addresses.
> 
> ether aa:bb:cc:dd:ee:ff
> inet6 fe80::1cad:944f:df4a:d123%en0 prefixlen 64 secured scopeid 0x7
> inet6 2001:123:44:55:1a:f346:1bef:b88a prefixlen 64 autoconf secured
> inet6 2001:123:44:55:20ac:49d2:68c5:595b prefixlen 64 autoconf temporary
> inet6 2001:123:44:55::101 prefixlen 64 dynamic
> 
> I don't really know what the "secured" address is used for TBH (both autoconf 
> are randomized and not based on the MAC)
> The temporary address is used for outgoing connections and is changed every 
> so often.
> The dynamic address is from my DHCPv6 server.
> 
> I think Windows has the same behaviour.
> 
> This got me thinking, if the temporary address is used as the outgoing source 
> address, this gives me even less incentive to use DHCPv6. Especially since my 
> Juniper SRX supports RDNSS via RA: https://tools.ietf.org/html/rfc8106
> 
> set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860:: lifetime 3600
> set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860::8844 lifetime 3600
> set protocols router-advertisement interface ge-0/0/0.20 prefix 2001:123:44:55::/64
> 
> When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't see 
> the need to allocate a dynamic address if the autogenerated are used. For 
> clients you don't really have any inbound connections unless it's a support 
> case.
> 
> What's your view on this?
> 
> Thanks!
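
The A and M bits discussed above, as an added example that is not part of any message in the thread: a parser for a Router Advertisement (RFC 4861) with the RDNSS option (RFC 8106) that reports which configuration sources a host obeying every signal would use. The RA bytes are constructed here from the prefix and one DNS server in the quoted router configuration, with M and O both set; the function names are assumptions.

```python
import ipaddress
import struct

def build_sample_ra():
    """Constructed RA: M and O set, one PIO with A set, one RDNSS server."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0xC0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    pio += ipaddress.IPv6Address("2001:123:44:55::").packed
    rdnss = struct.pack("!BBHI", 25, 3, 0, 3600)
    rdnss += ipaddress.IPv6Address("2001:4860:4860::8844").packed
    return hdr + pio + rdnss

def parse_ra(pkt):
    """Extract M/O flags, prefixes with the A bit, and RDNSS servers."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not a Router Advertisement")
    info = {"M": bool(pkt[5] & 0x80), "O": bool(pkt[5] & 0x40),
            "slaac_prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1] * 8   # length is in 8-byte units
        if olen == 0 or off + olen > len(pkt):
            raise ValueError("malformed option")
        body = pkt[off:off + olen]
        if otype == 3 and olen == 32 and body[3] & 0x40:   # PIO with A bit
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            info["slaac_prefixes"].append(str(net))
        elif otype == 25 and olen >= 24:                    # RDNSS (RFC 8106)
            for i in range(8, olen, 16):
                info["rdnss"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off += olen
    return info

def host_config_sources(info):
    """What a host that obeys every signal in the RA ends up configuring."""
    sources = []
    if info["slaac_prefixes"]:
        sources.append("SLAAC address")
    if info["M"]:
        sources.append("DHCPv6 address")
    elif info["O"]:
        sources.append("stateless DHCPv6")
    if info["rdnss"]:
        sources.append("DNS from RA")
    return sources

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra())
    print(ra, host_config_sources(ra))
```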



Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-30 Thread Enno Rey
Hi,

On Tue, Mar 31, 2020 at 02:30:46AM +0200, Roger Wiklund wrote:
> Hi
> 
> I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed
> that besides the IP from DHCPv6 (dynamic) it's also generating two other
> addresses.
> 
> When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't
> see the need to allocate a dynamic address if the autogenerated are used.
> For clients you don't really have any inbound connections unless it's a
> support case.
> 
> What's your view on this?
> 
> Thanks!

I for one think that, very broadly speaking, DHCPv6 should & can be avoided in 
many environments.
See also 'Does One Need DHCP(v6)?' 
https://theinternetprotocolblog.wordpress.com/2020/03/14/does-one-need-dhcpv6/

cheers

Enno



-- 
Enno Rey

Cell: +49 173 6745902
Twitter: @Enno_Insinuator


Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-30 Thread James R Cutler
> On Mar 30, 2020, at 8:30 PM, Roger Wiklund wrote:
> 
> Hi
> 
> I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed 
> that besides the IP from DHCPv6 (dynamic) it's also generating two other 
> addresses.
> 
>   ether aa:bb:cc:dd:ee:ff
>   inet6 fe80::1cad:944f:df4a:d123%en0 prefixlen 64 secured scopeid 0x7
>   inet6 2001:123:44:55:1a:f346:1bef:b88a prefixlen 64 autoconf secured
>   inet6 2001:123:44:55:20ac:49d2:68c5:595b prefixlen 64 autoconf temporary
>   inet6 2001:123:44:55::101 prefixlen 64 dynamic
> 
> I don't really know what the "secured" address is used for TBH (both autoconf 
> are randomized and not based on the MAC)
> The temporary address is used for outgoing connections and is changed every 
> so often.
> The dynamic address is from my DHCPv6 server.
> 
> I think Windows has the same behaviour.
> 
> This got me thinking, if the temporary address is used as the outgoing source 
> address, this gives me even less incentive to use DHCPv6. Especially since my 
> Juniper SRX supports RDNSS via RA: https://tools.ietf.org/html/rfc8106 
> 
> 
> set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860:: lifetime 3600
> set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860::8844 lifetime 3600
> set protocols router-advertisement interface ge-0/0/0.20 prefix 2001:123:44:55::/64
> 
> When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't see 
> the need to allocate a dynamic address if the autogenerated are used. For 
> clients you don't really have any inbound connections unless it's a support 
> case.
> 
> What's your view on this?
> 
> Thanks!

I don’t understand why this is a disincentive of any consequence to preparing 
for the future by adopting IPv6.  

See also: 
https://apple.stackexchange.com/questions/315232/disable-temporary-autoconf-inet6-address

(nota bene: I have not checked this on my Catalina systems due to time 
constraints.)


James R. Cutler
james.cut...@consultant.com
GPG keys: hkps://hkps.pool.sks-keyservers.net


Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-30 Thread Roger Wiklund
Hi

I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed
that besides the IP from DHCPv6 (dynamic) it's also generating two other
addresses.

ether aa:bb:cc:dd:ee:ff
inet6 fe80::1cad:944f:df4a:d123%en0 prefixlen 64 secured scopeid 0x7
inet6 2001:123:44:55:1a:f346:1bef:b88a prefixlen 64 autoconf secured
inet6 2001:123:44:55:20ac:49d2:68c5:595b prefixlen 64 autoconf temporary
inet6 2001:123:44:55::101 prefixlen 64 dynamic

I don't really know what the "secured" address is used for TBH (both
autoconf are randomized and not based on the MAC)
The temporary address is used for outgoing connections and is changed every
so often.
The dynamic address is from my DHCPv6 server.

I think Windows has the same behaviour.

This got me thinking, if the temporary address is used as the outgoing
source address, this gives me even less incentive to use DHCPv6. Especially
since my Juniper SRX supports RDNSS via RA:
https://tools.ietf.org/html/rfc8106

set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860:: lifetime 3600
set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860::8844 lifetime 3600
set protocols router-advertisement interface ge-0/0/0.20 prefix 2001:123:44:55::/64

When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't
see the need to allocate a dynamic address if the autogenerated are used.
For clients you don't really have any inbound connections unless it's a
support case.

What's your view on this?

Thanks!