Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi Ole, > Op 2 apr. 2020, om 12:10 heeft otr...@employees.org het volgende geschreven: > >> DHCPv6 took itself out of the running when it failed to provide the >> default gateway to its clients. > > I just posted an updated version of what was the "Universal RA option" draft. > It is now the

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

At the risk of repeating myself, if ops people like this approach then they need to engage in constructive discussion of it in the IETF. No need for a travel budget, especially now. https://www.ietf.org/mailman/listinfo/ipv6 Regards Brian On 02-Apr-20 23:10, otr...@employees.org wrote: >>

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

>> Independent of the prefix distribution mechanism, it may be worth revisit= >ing >> having a single /48 for an organisation of 4 employees. > >Sure, but if we start handing out /40s like there's enough of them, >eventually there won't be. I find it weird that the IEEE manages to allocate a

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

> DHCPv6-PD works, and AFAIK it is implemented by every vendor wanting to > be taken seriously. > > HNCP probably works too. Time will tell, if/when it is actually > implemented at a scale making it possible to test it outside the lab. > > HNCP is currently irrelevant wrt end host addressing.

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

> DHCPv6 took itself out of the running when it failed to provide the > default gateway to its clients. I just posted an updated version of what was the "Universal RA option" draft. It is now the "Universal IPv6 Configuration Option", which includes support for default gateway in DHCPv6.

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Gert Doering writes: > On Thu, Apr 02, 2020 at 12:09:34AM -0300, Fernando Gont wrote: >> On 1/4/20 14:16, Gert Doering wrote: >> [...] >> > Even IETF discontinued recommending DHCPv6-PD for "inside a home network", >> > because it doesn't work. >> >> Would you mind elaborating on this one? > >

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On Thu, Apr 2, 2020 at 5:52 PM Gert Doering wrote: > > Independent of the prefix distribution mechanism, it may be worth > revisiting > > having a single /48 for an organisation of 4 employees. > > Sure, but if we start handing out /40s like there's enough of them, > eventually there won't

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Thu, Apr 02, 2020 at 10:44:04AM +0200, Philip Homburg wrote: > >So you need to somehow build a prefix distribution mechanism, so people > >can have an arbitrary number of PD prefixes in "wherever network they=20 > >happen to be". So we're back to multi-level PD, with all the challenges >

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

>So you need to somehow build a prefix distribution mechanism, so people >can have an arbitrary number of PD prefixes in "wherever network they=20 >happen to be". So we're back to multi-level PD, with all the challenges >(firewall rules, ACLs, internal routing, ...). And even then, a /48 >might

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Thu, Apr 02, 2020 at 05:24:34AM -0300, Fernando Gont wrote: > > As far as I understand, the official IETF recommendation for "how to > > run a home with multiple subnets" is "homenet / HNCP" now, which distributes > > individual /64s via HNCP, not whole prefixes via DHCPv6-PD. > I haven't

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Just curious: what would be the use case of /64 per host (besides trying to limit number of entries in the NC, etc.)? A gazillion containers running on the host, each one with its own IPv6 address instead of NAT spaghetti. Whichever way you look, we’re slowly turning IPv6 back into CLNP ;))

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 2/4/20 03:19, Gert Doering wrote: Hi, On Thu, Apr 02, 2020 at 12:09:34AM -0300, Fernando Gont wrote: On 1/4/20 14:16, Gert Doering wrote: [...] Even IETF discontinued recommending DHCPv6-PD for "inside a home network", because it doesn't work. Would you mind elaborating on this one?

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Thu, Apr 02, 2020 at 12:09:34AM -0300, Fernando Gont wrote: > On 1/4/20 14:16, Gert Doering wrote: > [...] > > Even IETF discontinued recommending DHCPv6-PD for "inside a home network", > > because it doesn't work. > > Would you mind elaborating on this one? Which of the two parts? :-)

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

>> We are already 90% of the way here: Make IA_PD work for hosts, not >> just for routers. That way Android handsets can have as many addresses >> as they want. > > You mean e.g. support IA_PD at CPEs on the LAN side? I'd like IA_PD to work both CPEs on the LAN side, and I'd like it to work for

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 1/4/20 14:16, Gert Doering wrote: Hi, [...] Even IETF discontinued recommending DHCPv6-PD for "inside a home network", because it doesn't work. Would you mind elaborating on this one? -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 1/4/20 09:12, sth...@nethelp.no wrote: There are several reasons that people shout about DHCPv6: ... - politics: probably the most contentious area. One well-known example - is how ipv6 on cellular impacts carrier vs handset control - politics. 3GPP specifies that the ppp context for

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Wed, Apr 01, 2020 at 08:05:04PM +0200, Ola Thoresen wrote: > I also fail to see why the cost of implementing PD in a network would be > significantly higher than doing all the ND snoping and logging you would > need to track individual addresses - _especially_ in an enterprise network.

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 4/1/20 7:16 PM, Gert Doering wrote: Hi, On Wed, Apr 01, 2020 at 05:53:02PM +0200, Bjørn Mork wrote: Lorenzo Colitti writes: I'm not sure that the folks asking for IA_NA would be happy with IA_PD though. Why don't you just try and see? You have nothing to lose AFAICT. I've said it on

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Wed, Apr 01, 2020 at 05:53:02PM +0200, Bjørn Mork wrote: > Lorenzo Colitti writes: > > > I'm not sure that the folks asking for IA_NA would be happy with IA_PD > > though. > > Why don't you just try and see? You have nothing to lose AFAICT. I've said it on IETF discussions and will

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Lorenzo Colitti writes: > I'm not sure that the folks asking for IA_NA would be happy with IA_PD > though. Why don't you just try and see? You have nothing to lose AFAICT. Bjørn

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

>> We are already 90% of the way here: Make IA_PD work for hosts, not >> just for routers. That way Android handsets can have as many addresses >> as they want. > > DHCPv6 PD is one of the means suggested by RFC 7934, yes. I'm not sure that > the folks asking for IA_NA would be happy with IA_PD

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On Wed, Apr 1, 2020 at 9:12 PM wrote: > We are already 90% of the way here: Make IA_PD work for hosts, not > just for routers. That way Android handsets can have as many addresses > as they want. > DHCPv6 PD is one of the means suggested by RFC 7934, yes. I'm not sure that the folks asking for

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

>We are already 90% of the way here: Make IA_PD work for hosts, not >just for routers. That way Android handsets can have as many addresses >as they want. IA_PD 'works' (for small values of works) for hosts today. The upstream interface of a CPE is defined as a host instead of a router. The big

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

> There are several reasons that people shout about DHCPv6: ... > - politics: probably the most contentious area. One well-known example > - is how ipv6 on cellular impacts carrier vs handset control > - politics. 3GPP specifies that the ppp context for tethering must > - support SLAAC and

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

The problem is that you only realize about the DMARC problem is you "verify" your own emails when they come back from the list and you have configured the list to also send back the emails to you ... Otherwise it passes unadvertised, but some people don't get emails from people that uses DMARC

RE: Why used DHCPv6 when RA has RDNSS and DNSSL?

+rwebb=ropeguru@lists.cluenet.de bounces+rwebb=ropeguru@lists.cluenet.de> On Behalf Of JORDI PALET > MARTINEZ > Sent: Wednesday, April 1, 2020 7:08 AM > To: Daniel Roesen ; ipv6-ops@lists.cluenet.de > Subject: Re: Why used DHCPv6 when RA has RDNSS and DNSSL? > > The probl

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On Wed, Apr 01, 2020 at 10:56:03AM +0200, Jens Link wrote: > people can't/won't read headers. Most mail clients hide them pretty > well. I guess that most people don't even konw they are there. Correct, but appending footers is a problem with cryptographic signatures, so a pretty much no-go too.

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

By the way ... I just realized that the list is not handling correctly DMARC users. So my own emails when they come back, go to the spam folder, which means they are going to the spam folder of many folks. This was a problem with IETF and RIRs exploders and I believe they applied some patch or

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On Wed, Apr 01, 2020 at 10:01:21AM +0200, Webmaster wrote: > By the way ... I just realized that the list is not handling correctly > DMARC users. So my own emails when they come back, go to the spam > folder, which means they are going to the spam folder of many folks. One could argue that this

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

El 1/4/20 10:55, "Tore Anderson" escribió: * JORDI PALET MARTINEZ > I don't know it by memory Huh. In that case, what do you base your claims about what the GDPR requires on, exactly? > 1) Before 25 May 2018, every EU citizen or resident must get a

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

I agree that it is sufficient for smart people, but I'm not sure if in case somebody is not smart and make a complain to the DPA, they will agree being sufficient. I'm just fine either way, just making sure that the list responsible avoids troubles because non-smart (not to say stupid) people.

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Wed, Apr 01, 2020 at 10:56:55AM +0200, Bjørn Mork wrote: > The rest of us we can live just fine with SLAAC+DHCPv6. Just remember > that it is so much better than SLAAC+DHCPv6+whatever. Maybe it's time for a unified SLAAC+DHCPv6 standard! Much better than two competing standards! Gert

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Brian E Carpenter writes: > On 31-Mar-20 23:17, Mark Tinka wrote: > >> Operating two address assignment protocols is just silly. >> >> At my house, I don't even bother with DHCPv6 for DNS. I just use the >> IPv4 ones and let SLAAC assign IPv6 addresses to my devices. Just about >> done with the

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Bjørn Mork writes: > This list has this in the header: > > List-Id: IPv6 operators forum > List-Unsubscribe: , > > List-Archive: >

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

* JORDI PALET MARTINEZ > I don't know it by memory Huh. In that case, what do you base your claims about what the GDPR requires on, exactly? > 1) Before 25 May 2018, every EU citizen or resident must get a confirmation > from any database holder with his personal data, to re-confirm the >

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi Tore, I've taken a quick look, because I don't know it by memory, but: 1) Before 25 May 2018, every EU citizen or resident must get a confirmation from any database holder with his personal data, to re-confirm the authorization. I'm not sure if that was done for this list. I believe this is

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

JORDI PALET MARTINEZ writes: > 2) Right to object. Art. 59, but also many others. It is not probably clear= > ly said that it must be in a footer but it must be clearly available how to= > . > > https://gdpr-info.eu/ > > I don't have any problem myself, but I think it is good for the host of

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Well, we can't know probably, but he must be able to unsubscribe by himself anyway ... It is true however, that this list must follow GDPR, and this means having an explicit unsubscription link in the footer, which will also facilitate some people to unsubscribe (yes we know, even having that

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

* JORDI PALET MARTINEZ > It is true however, that this list must follow GDPR, and this means having an > explicit unsubscription link in the footer Which GDPR article requires that, exactly? Tore

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On Wed, Apr 01, 2020 at 09:29:45AM +0200, JORDI PALET MARTINEZ wrote: > If you’re receiving the messages is because YOU subscribed to the list. Not necessarily. Especially with the big freemailers, email accounts sometimes change owners... where old owner didn't unsub from all mailing lists,

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

If you’re receiving the messages is because YOU subscribed to the list. If you subscribed to the list, you know how to unsubscribe. If you don’t know it, you should be smart enough to look into the email header and you will find how to do it. Just in case you don’t know how to do it,

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Wed, Apr 01, 2020 at 10:11:30AM +0900, Lorenzo Colitti wrote: > On Wed, Apr 1, 2020 at 4:03 AM Gert Doering wrote: > > > (What they *want* is "IPAM shows what IPv6 address is in use on which > > device in the network", which DHCPv6 would do nicely, including > > static assignments via

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

The real problem is there are distinct use cases for both SLAAC and DHCPv6 and the people in charge of DHCPv6 keep screwing up. It should be possible to run either SLAAC/RA or DHCPv6 and have each offering provide the required information without having to run additional services just to get

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On Wed, Apr 1, 2020 at 4:03 AM Gert Doering wrote: > (What they *want* is "IPAM shows what IPv6 address is in use on which > device in the network", which DHCPv6 would do nicely, including > static assignments via DHCP reservations - while everything else > relies on "IPv6/MAC ND logging on the

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Unsubscribe > On Mar 31, 2020, at 5:34 PM, Brian E Carpenter > wrote: > > On 31-Mar-20 23:17, Mark Tinka wrote: >> >> >>> On 31/Mar/20 12:09, sth...@nethelp.no wrote: >>> >>> Note that there have been multiple requests for DHCPv6 to do this but >>> every attempt has been shot down. >> >>

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 31-Mar-20 23:17, Mark Tinka wrote: > > > On 31/Mar/20 12:09, sth...@nethelp.no wrote: > >> Note that there have been multiple requests for DHCPv6 to do this but >> every attempt has been shot down. > > Yep - thankfully, we have an option. > > Operating two address assignment protocols is

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 31/3/20 16:03, Gert Doering wrote: Hi, On Tue, Mar 31, 2020 at 03:10:50PM -0300, Fernando Gont wrote: So, managed networks tend to like DHCPv6 (DNS!), and wonder how they should cope with Android. Probably they don't. I'm working with one enterprise right now, and one of the options on

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Tue, Mar 31, 2020 at 03:10:50PM -0300, Fernando Gont wrote: > > So, managed networks tend to like DHCPv6 (DNS!), and wonder how they > > should cope with Android. > Probably they don't. I'm working with one enterprise right now, and one of the options on the table is "have a separate wifi

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 31/3/20 12:59, Gert Doering wrote: Hi, On Tue, Mar 31, 2020 at 02:30:46AM +0200, Roger Wiklund wrote: When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't see the need to allocate a dynamic address if the autogenerated are used. "control" in the sense of "the

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 31/3/20 07:09, sth...@nethelp.no wrote: When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't see the need to allocate a dynamic address if the autogenerated are used. For client's you dont really have any inbound connections unless it's a support case. What's your view on

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Golly whiz, I have always considered DHCPv6 and RA/SLAAC as configuration tools for end systems. In addition, I have always considered the configuration of end systems to be the (implicit)) responsibility of the end system owner, not the network provider. I would love to find someone who could

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Tue, Mar 31, 2020 at 12:17:44PM +0200, Mark Tinka wrote: > At my house, I don't even bother with DHCPv6 for DNS. I just use the > IPv4 ones and let SLAAC assign IPv6 addresses to my devices. Just about > done with the purist madness around this. "In da house", mDNS usually does the trick

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On Tue, Mar 31, 2020 at 02:30:46AM +0200, Roger Wiklund wrote: >Hi >I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed >that besides the IP from DHCPv6 (dynamic) it's also generating two other >addresses. [...] >I don't really know that the "secured"

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Thanks for all the feedback I also run dual stack with SLAAC for IPv6 assignment and my IPv4 DNS servers resolve the records. After skimming through rfc7217 + rfc4941 with the "autoconf temporary" being used for outbound and "autoconf secured" being static and can thus be used for reliable

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 31/Mar/20 12:09, sth...@nethelp.no wrote: > Note that there have been multiple requests for DHCPv6 to do this but > every attempt has been shot down. Yep - thankfully, we have an option. Operating two address assignment protocols is just silly. At my house, I don't even bother with

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

On 31/Mar/20 02:30, Roger Wiklund wrote: > > > When I read DHCPv6 vs SLAAC it often boils down to "control" but I > don't see the need to allocate a dynamic address if the autogenerated > are used. For client's you dont really have any inbound connections > unless it's a support case. > >

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

There are also devices that will try DHCPv6 regardless of the M/O bits. My HP printer was one. Tim On 31 Mar 2020, at 04:29, Brian E Carpenter mailto:brian.e.carpen...@gmail.com>> wrote: It seems that the router must be setting both the A bit (use SLAAC) and the M bit (use DHCPv6). So the

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, Brian, On 31/3/20 00:29, Brian E Carpenter wrote: It seems that the router must be setting both the A bit (use SLAAC) and the M bit (use DHCPv6). FWIW, my Sagemcom router provided by my ISP does the same (set both A in PIOs, and M (and O :-) ) in the RA). UBuntu reacts as descirbed by

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

It seems that the router must be setting both the A bit (use SLAAC) and the M bit (use DHCPv6). So the host is obeying both. There's no real harm in it, in most circumstances. Fixing the ambiguity about what hosts should do about this has often been discussed in the IETF but there's never

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

Hi, On Tue, Mar 31, 2020 at 02:30:46AM +0200, Roger Wiklund wrote: > Hi > > I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed > that besides the IP from DHCPv6 (dynamic) it's also generating two other > addresses. > > When I read DHCPv6 vs SLAAC it often boils down to

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

> On Mar 30, 2020, at 8:30 PM, Roger Wiklund wrote: > > Hi > > I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed > that besides the IP from DHCPv6 (dynamic) it's also generating two other > addresses. > > ether aa:bb:cc:dd:ee:ff > inet6