Re: comcast ipv6 PTR

[Mark Andrews <marka () isc org>]

In message <87y55sjcc7.fsf () nemi mork no>, =?utf-8?Q?Bj=C3=B8rn_Mork?= writes:
> Lee Howard <Lee () asgard org> writes:
>
> > The 6renum WG at IETF just closed, with a list of work items remaining
> for
> > other WGs to complete.  I recommend RFC6879 in particular, with RFC6866
> > describing some parts of the problems and RFC7010 being the outstanding
> > work.
> >
> > The IETF has generally been taken as an assumption that the home network
> > is
> >
> > unmanaged (see the Homenet charter and architecture document, for
> > instance).
> > The administrator of a managed network can follow RFC6879 and renumber
> > pretty seamlessly.
>
> Yes, given
>  - careful planning
>  - smart macro usage
>  - some scripting
>
> Feel free to show me a typical business site with more than 2 of those
> in place...
>
> FWIW, I did a little exercise on my home network, running just a few
> basic services which I assume most businesses will run as well. This
> resulted in a number of text configuration file formats requiring
> requiring knowlegde of the prefix list (i.e. not suitable for DNS
> names):
>  - spamassasin (trusted_networks)
>  - BIND (recursion allowed acl)

Named actually looks at netmasks and prefix lengths on interfaces
and generates named acls based on those.  Named regularly scans the
interface list and adjusts the named acl based on the changes it sees.
It could use a routing socket rather than a timer to do this.

The default allow-recursion acl uses that named acl.

If the site prefix length was available to it, say via being advertised
in the RA, it would also generate a "localsite" acl.

>  - sendmail (relaying access)
>  - ntp (peer access)
>  - cups (printer access)
>  - squid (http proxy access)
>
> All of these use different configuration syntax and generally do not
> support macro expansion of the prefix.  So you'd have to script any
> updates.

> I'm in particular fond of the sendmail and ntp syntaxes, which can best
> be described as "weird".
>
> sendmail:
>  IPv6:2001:0db8:0f00     RELAY
>
> ntp:
>  restrict 2001:db8:f00:: mask ffff:ffff:ffff:: nomodify
>
> When you can't even standardize on a prefix syntax, how the heck are you
> going to make renumbering seamless??

You have a daemon that reconfigures components of the system when
new interfaces are.  I already have dhclient do this for me with
IPv4.  It already goes and talks to machines on the other side of
the world and reconfigures them because the IPv4 address my ISP is
giving me as changed.

You have templated configuration files for that daemon to use.

> > In the unmanaged home, since everything is automatic, renumbering
> > should be seamless.
>
> Most homes will have at least one manually configured IP device. Typical
> candidates are
>  - printers
>  - media (video and/or audio) playback devices
>  - additional wlan access points
>
> We can close our eyes and ignore them, but they are still there.  Yes,
> yes, the firmware programmers are going to get much much smarter when
> they add IPv6 to these devices.  I'm sure.

Firstly ULA's will save a lot of these devices as they don't need
to be visible outside of the house.  For those that do need to be
externally reachable a "Renumber Ready" campaign would help the
punter choose the right box.

> I'm still in favour of reducing the renumbering burden as much as
> possible, even for home networks.
>
>
> Bjørn
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org