On 27 dec 2007, at 12:44, [EMAIL PROTECTED] wrote:
> I agree that DHCPv6 prefix delegation (for instance a /56) to a CPE
> which provides configuration to hosts on its LAN side sounds like a
> reasonable model. It requires the customer to have a CPE with actual
> *router* functionality, as opposed to just a bridge. This is different
> from today's requirements, but may not be unreasonable.

Ok, that would be CPE == modem. Another line of thought would be a
bridging modem + a routing CPE that the customer provides. This would
be similar to the home "routers" that you can buy today. (A lot of
ISPs, especially in the area I just moved to, insist on providing you
with a "free" "router" rather than just a modem, yuck!)

Ideally, a bridging modem would be able to talk to both individual
hosts, just like it can on IPv4, or to a router provided by the
customer. But unlike with IPv4, these modes of operation would have to
be different in the absence of NAT. Providing a prefix to a user is
actually the simple part, because there is really only one way to do
it (short of manual configuration): DHCPv6 prefix delegation. The
trouble is how ISP equipment talks to the first IPv6 device on the
customer side. The easy way would be to have a separate VLAN and IPv6
subnet for that for each customer but I gather that means more
expensive equipment. Using the IPv4 model with DHCPv6 wouldn't work
well because of the low DHCPv6 adoption. (This problem may or may not
go away in time; I gather that Vista has it but that Apple isn't
interested in adopting DHCPv6.)

However, rather than snooping DHCP messages and inserting DHCP
options, with IPv6 DSL/cable equipment on the ISP side (or even the
modem) could intercept and modify router advertisements so each
customer gets their own prefix advertised. If we then do some ingress
filtering based on that prefix and force all traffic through the first
IPv6 router on the ISP side this could work very well. Interestingly,
in IPv6 there is no need for a default gateway to have an address in
the subnet prefix that hosts use. So the problem that you'd have with
this in IPv4, that two neighbors can't communicate because the hosts
think they're on the same IP subnet but direct traffic between them is
blocked, doesn't occur. (Unless the router sends redirects.)

On 27 dec 2007, at 13:11, Mark Smith wrote:
> I think it's interesting CGAs are being discussed in the same email as
> the one where you say you want to be able to express prefix length
> in DHCPv6 - because I'm guessing you want that feature to be able to
> shorten node addresses.

Actually I spoke up against that in the last IETF meeting. Maybe in 20
years when we've made such a mess of the other bits that we need to
recover some of those interface identifier bits.

The issue with lacking a prefix length in DHCPv6 doesn't really lead
to any trouble in normal operation, but it does make DHCPv6 mostly
useless in one of the cases that it's advertised for: the situation
where there is no router on the subnet. In that case, if host A gets
2001::a and host B gets 2001::b but they don't know the subnet size,
the conservative assumption is /128 which means that they can't
communicate. Hardcoding /64 would be bad; even in router
advertisements the prefix length is carried explicitly even though
stateless autoconfig won't work if it's not 64.

On 27 dec 2007, at 13:19, Mark Smith wrote:
> > there are currently no ISPs and no CPEs that do
> > that, as far as I know.
>
> I haven't had a chance to test it, but according to "Deploying IPv6
> Networks", IOS can support DHCPv6 based prefix delegation. It even
> supports multiple downstream interfaces on the CPE - you configure the
> subnet number you want on each of the interfaces, and the CPE will
> configure the DHCP-PD learned /48 on the front of them automatically
> and then start announcing those prefixes in RAs out those interfaces.

You're absolutely right. For some reason it never connected in my
brain that my Cisco 826/827 (I always forget which) ADSL router
supports this, even with a 3 year old IOS. I think when I tested this
I did so on a bunch of 2500s. But if you look at Apple's Airport
Extreme base station, for instance, that box will only terminate a
tunnel and not handle any kind of native IPv6 routing.
See http://www1.ietf.org/mail-archive/web/ipv6/current/msg08798.html
for a small config example.
(I think someone said the Airport Extreme bridges IPv6 and routes IPv4
(or maybe the other way around), which isn't true. You can configure
it to bridge or do IPv4 NAT and separately from that to route between
an IPv6 manual or 6to4 tunnel and the LAN ports (+ WAN port when
bridging).)
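
The per-customer ingress filtering described in the message above, sketched as an added example that is not part of the original message or of any vendor's implementation. The port names, the prefix table and the policy for link-local and unspecified sources are assumptions made for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
LINK_SCOPE_MCAST = ipaddress.ip_network("ff02::/16")
UNSPECIFIED = ipaddress.ip_address("::")

# Constructed sample table (port names are hypothetical; 2001:db8::/32 is the
# documentation prefix): the /64 advertised in RAs on each customer port, plus
# any prefix handed out through DHCPv6 prefix delegation.
CUSTOMER_PREFIXES = {
    "port-1": ["2001:db8:0:1::/64", "2001:db8:100::/56"],
    "port-2": ["2001:db8:0:2::/64"],
}
TABLE = {port: [ipaddress.ip_network(p) for p in prefixes]
         for port, prefixes in CUSTOMER_PREFIXES.items()}


def ingress_verdict(port, src, dst):
    """Decide whether a packet arriving from a customer port may pass.

    Returns (allowed, reason). Assumed policy, not taken from the message.
    """
    prefixes = TABLE.get(port)
    if prefixes is None:
        return False, "unknown port"
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    on_link_dst = dst in LINK_LOCAL or dst in LINK_SCOPE_MCAST
    if src == UNSPECIFIED:
        # Duplicate address detection probes are sent from :: to link-scope
        # multicast; the unspecified address is never valid for routed traffic.
        return on_link_dst, "DAD probe" if on_link_dst else "unspecified source"
    if src in LINK_LOCAL:
        # Router solicitations and neighbor discovery use link-local sources,
        # which must stay on the link.
        return on_link_dst, "link-local" if on_link_dst else "link-local leaving link"
    if any(src in p for p in prefixes):
        return True, "source inside customer prefix"
    return False, "source outside customer prefix"


if __name__ == "__main__":
    for pkt in [("port-1", "2001:db8:0:1::a", "2001:db8:0:2::b"),
                ("port-1", "2001:db8:0:2::b", "2001:db8:ffff::1"),
                ("port-2", "fe80::1", "ff02::2")]:
        print(pkt, ingress_verdict(*pkt))
```

Traffic between the two sample customers is accepted at ingress because each source sits in its own port's prefix; it reaches the neighbor through the ISP's router rather than directly.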