Re: draft-yhb-6man-ra-privacy-flag-01

Wed, 02 Mar 2011 18:58:45 -0800 

On Wed, 2 Mar 2011, james woodyatt wrote:
The current revision of the draft contains a normative reference to RFC 4941 but it doesn't seem to have any language in section 2.3 specifying host behavior that would prevent it from using any other sort of statelessly autoconfigured addresses that would pose the same problem for network administrators that privacy addresses do, i.e. make it difficult to identify authoritatively which host is the originator of any particular traffic given only the source addresses in the captured IPv6 headers. It just says, hosts MUST have a conceptual variable that controls whether they generate temporary addresses. That doesn't prevent them from generating persistent ones that pose the same problem for network administrators as RFC 4941 privacy addresses. 


In our testing, the only way we found to achieve this was to not announce 
any on-net prefix and using the M-flag to make the client ask for DHCPv6 
address.



I've asked this before in different fora because I have not been able to 
find any RFC text.


Wen an on-link prefix is present and the M-flag is set, RFC4861 says:

M              1-bit "Managed address configuration" flag.  When
                     set, it indicates that addresses are available via
                     Dynamic Host Configuration Protocol [DHCPv6].


It doesn't say "don't do SLAAC and only get addresses from IPv6". So my 
interpretation is that as soon as there is an on-link prefix, hosts will 
do SLAAC regardless of M flag 0 or 1.



So let's say I want to disallow SLAAC, I want to hand out addresses using 
DHCPv6, but I still want the hosts to be able to talk L2 directly to each 
other within the subnet.



How should I configure things when it comes to information in RA and 
DHCPv6? If this isn't possible, was this intentional behaviour from the 
beginning, that DHCPv6 hosts without SLAAC can't get an on-link prefix but 
they must go through the router to talk to each other?


--
Mikael Abrahamsson    email: swm...@swm.pp.se
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------






















					Reply via email to