Thanks, Darren. This mostly has to do with how the clients in the space USE the v6 PDs. It’s a MAP-T environment where use of that block correlates to that client devices sending all traffic using source-ports of 1-1023 (which is obviously problematic). Unlikely corner case, just trying to ensure this will work the way we are hoping IF it’s used.
Thanks. Dan From: Kea-users <kea-users-boun...@lists.isc.org> on behalf of Darren Ankney <darren.ank...@gmail.com> Date: Friday, June 23, 2023 at 6:31 AM To: kea-users@lists.isc.org <kea-users@lists.isc.org> Subject: [EXTERNAL] Re: [Kea-users] Dhcp6 Prefix Exclude use case question Hi Dan, I don't think that is the purpose of the option, but I suppose if no device asks for an excluded prefix then the prefix will not be allocated to any device. How would you be able to guarantee this? I would think a better solution would be to engineer your network differently such that you don't need to leave off part of the prefix delegation. Surely there are plenty of IPv6 subnets to go around to accomplish this? Thank you, Darren Ankney On Wed, Jun 21, 2023 at 5:09 PM Dan Geist <d...@polter.net> wrote: > > Greetings, all. I'm exploring using the "prefix exclude" feature to do > something a little different than what it's RFC describes and would like to > know if my scenario would work. In the kea ARM, the example config is as > follows: > > "Dhcp6": { > "subnet6": [ > { > "subnet": "2001:db8:1::/48", > "pd-pools": [ > { > "prefix": "2001:db8:1:8000::", > "prefix-len": 56, > "delegated-len": 64, > "excluded-prefix": "2001:db8:1:8000:cafe:80::", > "excluded-prefix-len": 72 > } > ] > } > ] > } > > This allows a device that sends a Prefix Exclude option to be allocated the > indicated /72. > > In my environment, we'd like to be able to allocate PDs from a block that is > discrete from the subnet and in which the very first PD is NEVER assigned, > ala: > > "Dhcp6": { > "subnet6": [ > { > "subnet": "2001:db8:1::/48", > "pd-pools": [ > { > "prefix": "2001:db8:2::", > "prefix-len": 48, > "delegated-len": 60, > "excluded-prefix": "2001:db8:2::", > "excluded-prefix-len": 60 > } > ] > } > ] > } > > Assuming I don't have any dhcpv6 endpoint devices sending the excluded prefix > option, does this accomplish what I'm attempting, which is: never use the > first /60 from the PD /48 prefix? > > Thanks > Dan > > -- > Dan Geist dan(@)polter.net > > -- > ISC funds the development of this software with paid support subscriptions. > Contact us at > https://urldefense.com/v3/__https://www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$<https://urldefense.com/v3/__https:/www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$> > for more information. > > To unsubscribe visit > https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$<https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$> > . > > Kea-users mailing list > Kea-users@lists.isc.org > https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$<https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$> -- ISC funds the development of this software with paid support subscriptions. Contact us at https://urldefense.com/v3/__https://www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$<https://urldefense.com/v3/__https:/www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$> for more information. To unsubscribe visit https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$<https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$> . Kea-users mailing list Kea-users@lists.isc.org https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$<https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$>
-- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users