On Wed, 28 Feb 2018, Fernando Gont wrote:
I agree with that. However, there are scenarios in which, unfortunately,
you might need to limit application choice: some enterprise deployments
are known for that: disabling support for temporary addresses is a
widespread practice in such deployments.
How could one accommodate such deployments? (ignoring them eventually
means that the network admins needs to figure out his own hack)
In my discussion with people who have that requirement, I always advice
them in the direction of prefix per host (/64). Most of the time they
haven't even considered this option, but instead still think in terms of
addresses and not prefixes. They still do not like the suggestion because
it typically involves doing other tracking than via DHCP server logs.
Otoh when I ask them if they do BCP38 DHCP inspection to make sure people
can't change addresses, I often get a negative answer. So it's often my
conclusion that the whole tracking thing is a checkboxing requirement and
not a hard requirement that means assurance that it's accurate.
--
Mikael Abrahamsson email: [email protected]
_______________________________________________
Taps mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/taps
