nanog mailing list archives
Re: How are you doing DHCPv6 ?
From: Karl Auer <kauer () biplane com au>
Date: Tue, 24 Jan 2012 09:56:58 +1100
On Mon, 2012-01-23 at 17:26 -0500, Randy Carpenter wrote:
One major issue is that there is no way to associate a user's MAC (for IPv4) with their DUID. I haven't been able to find a way to account for this without making the user authenticate once for IPv4, and then again for IPv6. This is cumbersome to the user. Also, in the past there have been various reason why we want to pre-authenticate a client's MAC address (mostly for game consoles, and such, which have the MAC written on the outside of the machine). How can this be done with IPv6, which the DUID is not constant?
Perhaps I misunderstand you (or the RFCs) but it seems to me that the DUID *is* constant. Reading section 9 of RFC 3315, it's pretty clear that a DUID is generated once, according to simple rules, and does not change once it has been generated. Barring intervention, of course. The problem is how to either find out ahead of time what DUID a client has OR how to impose a specific DUID on a client as part of provisioning it. Neither of those issues looks particularly intractable, especially if vendors start shipping with pre-configured DUIDs that are written on the boxes. What do you mean by "authenticate"? Do you mean something like 802.1x? Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer () biplane com au) http://www.biplane.com.au/kauer GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017 Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: How are you doing DHCPv6 ?, (continued)
- Re: How are you doing DHCPv6 ? Jimmy Hess (Jan 20)
- Re: How are you doing DHCPv6 ? Randy Carpenter (Jan 20)
- Re: How are you doing DHCPv6 ? Bjørn Mork (Jan 21)
- Re: How are you doing DHCPv6 ? Jimmy Hess (Jan 21)
- Re: How are you doing DHCPv6 ? Randy Carpenter (Jan 21)
- Re: How are you doing DHCPv6 ? Jimmy Hess (Jan 21)
- Re: How are you doing DHCPv6 ? Randy Carpenter (Jan 20)
- Re: How are you doing DHCPv6 ? Jimmy Hess (Jan 20)
- Re: How are you doing DHCPv6 ? Randy Carpenter (Jan 23)
- Re: How are you doing DHCPv6 ? Karl Auer (Jan 23)
- Re: How are you doing DHCPv6 ? Randy Carpenter (Jan 23)
- Re: How are you doing DHCPv6 ? Karl Auer (Jan 23)
- Re: How are you doing DHCPv6 ? Ray Soucy (Jan 23)
- Re: How are you doing DHCPv6 ? Randy Carpenter (Jan 23)
- Re: How are you doing DHCPv6 ? Karl Auer (Jan 23)
- Re: How are you doing DHCPv6 ? Ray Soucy (Jan 24)
- Re: How are you doing DHCPv6 ? Ray Soucy (Jan 24)
- Re: How are you doing DHCPv6 ? Randy Carpenter (Jan 24)
- Re: How are you doing DHCPv6 ? Ray Soucy (Jan 24)