Re: Question on DHCPv6 address assignment
Fernando Wrt to the Cisco DHCPv6 server (CNR): 1) sequential or random per configuration (can send multiple IA_NA/IA_TA if there are multiple prefixes configured for this link) 2) while client can send a 'hint' to re-use previous addresses, the server can do the same thing, we called this 'affinity', as well if using IA_NA (or course not applicable to IA_TA :-)) PD is the same Hope this helps -éric On 31/01/14 22:00, Fernando Gont ferna...@gont.com.ar wrote: Folks, I'm wondering about the following two aspects of different DHCPv6 implementations out there: 1) What's the pattern with which addresses are generated/assigned? Are they sequential (fc00::1, fc00::2, etc.)? Random? Something else? 2) What about their stability? Is there any intent/mechanism for them to be as stable as possible? Or is it usual for hosts to get a new address for each lease? P.S.: I understand this is likely to vary from one implementation to another... so please describe which implementation/version you're referring to. Thanks! Best regards, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: Question on DHCPv6 address assignment
Infoblox uses the ISC DHCP code. I'm thin on details. 1) What's the pattern with which addresses are generated/assigned? Are they sequential (fc00::1, fc00::2, etc.)? Random? Something else? The manual says When the server grants IPv6 leases, it uses an algorithm based on the DUID of the client. 2) What about their stability? Is there any intent/mechanism for them to be as stable as possible? Or is it usual for hosts to get a new address for each lease? I've observed a system obtaining different IPv6 addresses when presenting the same DUID. However, my impression is that hosts usually retain the same address across time. mark
Re: Question on DHCPv6 address assignment
It's also worth noting that the old presumption that MAC-based interface identifiers are normal and anything else is strange is obsolete. See http://tools.ietf.org/html/draft-ietf-6man-ug-06 which is approved in the RFC queue already and http://tools.ietf.org/html/draft-ietf-6man-default-iids-00 for a possible future recommendation. These documents are mainly written with SLAAC in mind rather than DHCPv6, but I don't think that changes the principles. Personally I would avoid sequential range like fd00::1, fd00::2 because it exposes you to easy scanning attacks. Random seems best except for servers. Regards Brian Carpenter On 02/02/2014 09:18, Henri Wahl wrote: Hi, 1) What's the pattern with which addresses are generated/assigned? Are they sequential (fc00::1, fc00::2, etc.)? Random? Something else? We use our dhcpy6d (http://dhcpy6d.ifw-dresden.de) which allows 4 different address categories: - sequential range like fd00::1, fd00::2 - completely random /64 like with privacy extensions: fd00::3d2a:563f:76f1:d94f - plain MAC address like fd00::2034:d4f1:439a - some arbitrary id number given in client configuration like fd00::1, fd00::3421 See http://dhcpy6d.ifw-dresden.de/documentation/config/addresses for details. This way one can hand out for example 2 addresses to clients, one random privacy-aware global and one range or MAC-based for internal use. The bad news is that only Windows 7+ is capable of handling more than one address given by DHCPv6 out of the box. Linux has to be tweaked not to use Network-Manager and MacOS fails completely - maybe would work with some dhclient or dibbler-client. 2) What about their stability? Is there any intent/mechanism for them to be as stable as possible? Or is it usual for hosts to get a new address for each lease? MAC and ID based addresses are of course stable, the range based ones intend to be too and the random ones are regenerated whenever a lease expired. Best regards Henri
Question on DHCPv6 address assignment
Folks, I'm wondering about the following two aspects of different DHCPv6 implementations out there: 1) What's the pattern with which addresses are generated/assigned? Are they sequential (fc00::1, fc00::2, etc.)? Random? Something else? 2) What about their stability? Is there any intent/mechanism for them to be as stable as possible? Or is it usual for hosts to get a new address for each lease? P.S.: I understand this is likely to vary from one implementation to another... so please describe which implementation/version you're referring to. Thanks! Best regards, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
