Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-31 Thread James R Cutler
Golly whiz, I have always considered DHCPv6 and RA/SLAAC as configuration tools 
for end systems. In addition, I have always considered the configuration of end 
systems to be the (implicit) responsibility of the end system owner, not the 
network provider. I would love to find someone who could eloquently articulate 
why the end system owner (especially in managed environments) can not choose 
how to configure end systems. 

Why must the availability of these two particular configuration tools become 
such a partisan/religious debate? Does it make a significant difference in the 
cost of providing network services? Does it make a significant difference in 
the cost of end systems? I can find no evidence of this in the debate.

It seems obvious that (non-superuser) home systems have configuration 
requirements different from those in managed offices. Getting these satisfied 
to meet business requirements requires thought at a higher protocol level (such 
as Business Operations) and division of labor/control is often useful. Forcing 
end system configuration management into router configurations conflicts with 
end system change control. In many situations SLAAC, an obviously 
router-centric function, meets basic addressing requirements without burdening 
router operations with end system details. In many, often overlapping, 
situations DHCPv6 offers an orthogonal management point for items such as NTP, 
DNS, Printers, and more without interfering with managing the routing network. 

Wouldn’t it be more cost effective in the long term to simply make SLAAC and 
DHCPv6 cooperative and complementary attributes of end-to-end networking? 

Could we then work on larger problems, such as implementing secure route 
distribution?

Show me my error and I will repent.

James R. Cutler
james.cut...@consultant.com
GPG keys: hkps://hkps.pool.sks-keyservers.net



> On Mar 31, 2020, at 12:01 PM, Gert Doering  wrote:
> 
> Hi,
> 
> On Tue, Mar 31, 2020 at 12:17:44PM +0200, Mark Tinka wrote:
>> At my house, I don't even bother with DHCPv6 for DNS. I just use the
>> IPv4 ones and let SLAAC assign IPv6 addresses to my devices. Just about
>> done with the purist madness around this.
> 
> "In da house", mDNS usually does the trick nicely for "I want to ssh
> to my wife's laptop to fix her time machine backup".
> 
> As soon as you have a larger routed network, mDNS falls short, and 
> (unless you have a windows domain) there are no existing mechanisms
> to put a SLAAC v6 address into DNS...
> 
> Yes, thanks, IETF.  Well done.
> 
> Gert Doering
>         -- NetMaster
> -- 
> have you enabled IPv6 on something today...?
> 
> SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
> Joseph-Dollinger-Bogen 14  Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279



Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-30 Thread James R Cutler
> On Mar 30, 2020, at 8:30 PM, Roger Wiklund  wrote:
> 
> Hi
> 
> I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed 
> that besides the IP from DHCPv6 (dynamic) it's also generating two other 
> addresses.
> 
>   ether aa:bb:cc:dd:ee:ff
>   inet6 fe80::1cad:944f:df4a:d123%en0 prefixlen 64 secured scopeid 0x7
>   inet6 2001:123:44:55:1a:f346:1bef:b88a prefixlen 64 autoconf secured
>   inet6 2001:123:44:55:20ac:49d2:68c5:595b prefixlen 64 autoconf temporary
>   inet6 2001:123:44:55::101 prefixlen 64 dynamic
> 
> I don't really know what the "secured" address is used for TBH (both autoconf 
> are randomized and not based on the MAC)
> The temporary address is used for outgoing connections and is changed every 
> so often.
> The dynamic address is from my DHCPv6 server.
> 
> I think Windows has the same behaviour.
> 
> This got me thinking, if the temporary address is used as the outgoing source 
> address, this gives me even less incentive to use DHCPv6. Especially since my 
> Juniper SRX supports RDNSS via RA: https://tools.ietf.org/html/rfc8106
> 
> set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860:: lifetime 3600
> set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860::8844 lifetime 3600
> set protocols router-advertisement interface ge-0/0/0.20 prefix 2001:123:44:55::/64
> 
> When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't see 
> the need to allocate a dynamic address if the autogenerated are used. For 
> clients you don't really have any inbound connections unless it's a support 
> case.
> 
> What's your view on this?
> 
> Thanks!

I don’t understand why this is a disincentive of any consequence to preparing 
for the future by adopting IPv6.  

See also: 
https://apple.stackexchange.com/questions/315232/disable-temporary-autoconf-inet6-address
(nota bene: I have not checked this on my Catalina systems due to time 
constraints.)


James R. Cutler
james.cut...@consultant.com
GPG keys: hkps://hkps.pool.sks-keyservers.net
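
Added example, not part of either message above: a check of the quoted ifconfig output that derives the modified EUI-64 interface identifier from the posted `ether` address and compares it with each `inet6` address, which is how one can confirm whether an address is tied to the MAC or has to be tracked some other way (DHCPv6 lease, neighbor table). The function names and the `mac-derived`/`other` labels are hypothetical; the remaining labels are simply the flag words ifconfig printed.

```python
import ipaddress
import re

# Output as quoted in the message above (values as posted there).
IFCONFIG = """\
ether aa:bb:cc:dd:ee:ff
inet6 fe80::1cad:944f:df4a:d123%en0 prefixlen 64 secured scopeid 0x7
inet6 2001:123:44:55:1a:f346:1bef:b88a prefixlen 64 autoconf secured
inet6 2001:123:44:55:20ac:49d2:68c5:595b prefixlen 64 autoconf temporary
inet6 2001:123:44:55::101 prefixlen 64 dynamic
"""

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    b = bytes(int(x, 16) for x in mac.split(":"))
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def classify(text):
    """Return (address, kind) for every inet6 line; kind is 'mac-derived'
    when the low 64 bits equal the EUI-64 of the interface MAC, otherwise
    the first matching ifconfig flag word, otherwise 'other'."""
    mac = re.search(r"ether\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", text, re.I).group(1)
    mac_iid = eui64_iid(mac)
    rows = []
    for m in re.finditer(r"inet6\s+(\S+)\s+prefixlen\s+\d+(.*)", text):
        addr = ipaddress.IPv6Address(m.group(1).split("%")[0])  # drop zone id
        flags = m.group(2).split()
        if addr.packed[8:] == mac_iid:
            kind = "mac-derived"
        else:
            kind = next((f for f in ("temporary", "dynamic", "secured")
                         if f in flags), "other")
        rows.append((str(addr), kind))
    return rows

if __name__ == "__main__":
    for addr, kind in classify(IFCONFIG):
        print(f"{kind:12} {addr}")
```
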