nanog mailing list archives
Re: IPv6 Deployment for the LAN
From: Steven Bellovin <smb () cs columbia edu>
Date: Sun, 18 Oct 2009 16:28:42 -0400
On Oct 17, 2009, at 8:55 PM, Ray Soucy wrote:
Looking for general feedback on IPv6 deployment to the edge. As it turns out delivering IPv6 to the edge in an academic setting has been a challenge. Common wisdom says to rely on SLAAC for IPv6 addressing, and in a perfect world it would make sense. Given that historically we have relied on DHCP for a means of NAC and host registration, like many academic institutions, the idea of sweeping changes to accommodate IPv6 was just not going to happen in the near future.
...My question is this: what are your goals? What are you trying to achieve? Force all authorized machines to register? If so, why? We'll leave out for now whether or not there's even much point to that. My university -- and I'm just a user of campus computing facilities; I don't run them -- has concluded that there's no particular benefit to requiring registration or permission; it's one more server complex to run, one more database to maintain, and one more thing to break, and the benefits don't seem to be worth the cost. And given that we've had incidents of IP and MAC address spoofing, where it took the switch logs to figure out what was going on, I'm very far from convinced that registration is of any benefit anyway. In other words -- yes, I agree with the campus policy -- but that's not the question I'm asking.
I ask because there may be other ways to achieve your actual goal, but without knowing that it's hard to make recommendations. The most obvious answer is accountability, but physical port number may be a better approach there, depending on how the campus network is run.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Current thread:
- Re: IPv6 Deployment for the LAN, (continued)
- Re: IPv6 Deployment for the LAN TJ (Oct 23)
- Re: IPv6 Deployment for the LAN Owen DeLong (Oct 23)
- Re: IPv6 Deployment for the LAN TJ (Oct 23)
- Re: IPv6 Deployment for the LAN Kevin Loch (Oct 21)
- Re: IPv6 Deployment for the LAN Andy Davidson (Oct 28)
- Re: IPv6 Deployment for the LAN Randy Bush (Oct 28)
- Re: IPv6 Deployment for the LAN Matthew Moyle-Croft (Oct 28)
- Re: IPv6 Deployment for the LAN Owen DeLong (Oct 28)
- Re: IPv6 Deployment for the LAN Mark Smith (Oct 29)
- Re: IPv6 Deployment for the LAN Ray Soucy (Oct 18)
- Re: IPv6 Deployment for the LAN Ray Soucy (Oct 18)
- Re: IPv6 Deployment for the LAN trejrco (Oct 19)
- Re: IPv6 Deployment for the LAN Ron Broersma (Oct 19)
- Re: IPv6 Deployment for the LAN Ray Soucy (Oct 19)
- Re: IPv6 Deployment for the LAN Karl Auer (Oct 21)
- Re: IPv6 Deployment for the LAN David W. Hankins (Oct 22)
- Re: IPv6 Deployment for the LAN Karl Auer (Oct 22)
- Re: IPv6 Deployment for the LAN David W. Hankins (Oct 22)