2011/3/9 Mark Smith <i...@69706e6720323030352d30312d31340a.nosense.org>
> On Tue, 8 Mar 2011 23:09:46 +0800 > "Yu Hua bing" <yhb810...@gmail.com> wrote: > > > Hi, I have submit draft-yhb-6man-ra-privacy-flag-02. The problem to > > be solved is as follows: > > > > In some sites, the network administrators want to deploy stateless > > address autoconfiguration, and just permit the hardware-derived > > addresses to communicate with the Internet.They will do as follows: > > > <snip> > > > > Now we can provide two solutions to the network administrators: > > (1) SLAAC + bind the MAC address and the hardware-derived address on > the access switch + disable the temporary addresses > > (2) DHCPv6 + DHCPv6 snooping > > The first solution is cheaper, and is easier to deploy. > > You'd be better off focusing on address usage and recording > mechanisms, which will not require changes to end-nodes, would be > compatible with all current addressing methods (i.e. SLAAC, DHCPv6, > static), and would also inherently accommodate any future > addressing methods (how ever unlikely that may be of occuring). That > will be the cheapest and most effective solution to your problem. > > Neighbor caches, Duplicate Address Detection and Neighbor > Unreachability Detection create enough externally visible information > and maintain enough state to track appearance, continued existence and > the disappearance of nodes using IPv6. Develop a mechanism that > externally records the state transitions you're interested in, and I > think you'd have an adequate solution to your problem without having > develop additional IPv6 related addressing mechanisms and then having > to deploy them to end-nodes on a wide scale. > > http://ndpmon.sourceforge.net/ is an example of the sorts of things > people are already using external observance of ND transactions for. It > can already record new station, new IPv6 Global Address and new > Link Local Address. It probably wouldn't be too hard to make it also > record when stations disappear. Ideally it'd be best to utilise the > underlying operating system's existing NUD mechanism to do this > tracking. > > Regards, > Mark. > In some sites, the network administrators want to prevent the host from using any IPv6 address, like DHCPv6 plus DHCPv6 snooping. Your method can't.
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------