See below.

On 12/1/11 5:11 AM, "Dmitry Cherkasov" <doctor...@gmail.com> wrote:

>John,
>
>Due to your note I carefully read again Cable Labs specs and found
>that really SLAAC is not prohibited. According to CM-SP-MULPIv3.0:

[jjmb] I was part of the team that wrote IPv6 for DOCSIS, so I know the history well. ;)

>
>* If the M bit in the RA is set to 1, the CM (cable modem) MUST use
>DHCPv6 ...;
>* If there are no prefix information options in the RA, the CM MUST
>NOT perform SLAAC;

[jjmb] even if there are PIOs and the A bit is set to 0, the CM will not/must not perform SLAAC.

>* If the RA contains a prefix advertisement with the A bit set to 0,
>the CM MUST NOT perform SLAAC on that prefix.

[jjmb] yes, see above.

>
>That means that if M bit in the RA is set to 0 and RA contains a
>prefix advertisement with the A bit set to 1 nothing prevents CM from
>SLAAC.

[jjmb] correct.

>And if so we probably better reserve /64 per network just in case we
>may use SLAAC in it in the future. While we do not use SLAAC we can
>shorten the range of actually used IPv6 addresses by using longer than
>/64 prefix.

[jjmb] I suppose, again not sure why you would want to take this route. This also assumes no PIOs in the RA. Please note there are other operational reasons why SLAAC is not a truly deployable alternative. We can discuss off list if you are interested.

>
>You are completely right that prefix delegation enforces DHCPv6 so
>SLAAC mentioned above can be used only for CMs, not for CPE.

[jjmb] similar to cable modems, CPEs that only request or require IA_NA could conceivably use SLAAC. Same caveat and comments as above.

>
>Just a note: as far as I can see available DOCSIS 3.0 CMTSes do not
>support the ability of SLAAC for CMs currently (checked Casa and Cisco
>uBR10K).

[jjmb] I am sure you make it work on at least one of the above. :)

>
>
>Dmitry Cherkasov
>
>
>
>2011/11/30 Brzozowski, John <john_brzozow...@cable.comcast.com>:
>> Technically this is not true. SLAAC is not prohibited, it does come with
>> side effects that complicate the deployment of IPv6. It is technically
>> feasible to use SLAAC, it is just not practical in most cases.
>>
>> Stateful DHCPv6 is the preferred mechanism for address and configuration
>> assignment. Prefix delegation requires the use of stateful DHCPv6 in
>> DOCSIS networks.
>>
>> John
>> =========================================
>> John Jason Brzozowski
>> Comcast Cable
>> e) mailto:john_brzozow...@cable.comcast.com
>> o) 609-377-6594
>> m) 484-962-0060
>> w) http://www.comcast6.net
>> =========================================
>>
>>
>> On 11/29/11 7:09 AM, "Dmitry Cherkasov" <doctor...@gmail.com> wrote:
>>
>>>Steven,
>>>
>>>SLAAC is prohibited for using in DOCSIS networks, router
>>>advertisements that allow SLAAC must be ignored by end-devices,
>>>therefore DHCPv6 is the only way of configuring (if not talking about
>>>static assignment). I have seen at least Windows7 handling this
>>>properly in its default configuration: it starts DHCPv6 negotiation
>>>instead of auto-configuration.
>>>
>>>Dmitry Cherkasov
>>>
>>>
>>>
>>>2011/11/29 Steven Bellovin <s...@cs.columbia.edu>:
>>>>
>>>> On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:
>>>>
>>>>>
>>>>> On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
>>>>>
>>>>>> It's a good practice to reserve a 64-bit prefix for each network.
>>>>>> That's a good general rule. For point to point or link networks you
>>>>>> can use something as small as a 126-bit prefix (we do).
>>>>>>
>>>>>
>>>>> Technically, absent buggy {firm,soft}ware, you can use a /127. There's no
>>>>> actual benefit to doing anything longer than a /64 unless you have
>>>>> buggy *ware (ping pong attacks only work against buggy *ware),
>>>>> and there can be some advantages to choosing addresses other than
>>>>> ::1 and ::2 in some cases. If you're letting outside packets target your
>>>>> point-to-point links, you have bigger problems than neighbor table
>>>>> attacks. If not, then the neighbor table attack is a bit of a red-herring.
>>>>>
>>>>
>>>> The context is DOCSIS, i.e., primarily residential cable modem users, and
>>>> the cable company ISPs do not want to spend time on customer care and
>>>> hand-holding. How are most v6 machines configured by default? That is,
>>>> what did Microsoft do for Windows Vista and Windows 7? If they're set for
>>>> stateless autoconfig, I strongly suspect that most ISPs will want to stick
>>>> with that and hand out /64s to each network. (That's apart from the larger
>>>> question of why they should want to do anything else...)
>>>>
>>>>
>>>> --Steve Bellovin, https://www.cs.columbia.edu/~smb
>>>>
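
The RA handling rules quoted from CM-SP-MULPIv3.0 in the message above, as an added example that is not part of the original thread or of any CableLabs or vendor code: it parses a raw ICMPv6 Router Advertisement (RFC 4861 layout) and returns the prefixes on which nothing prevents a CM from performing SLAAC. The function names and the sample RAs are constructed for illustration, and treating M=1 as DHCPv6-only is an assumption drawn from the thread's reading of the spec.

```python
import ipaddress
import struct

RA_TYPE = 134        # ICMPv6 Router Advertisement (RFC 4861)
OPT_PIO = 3          # Prefix Information option
M_FLAG = 0x80        # "managed" bit in the RA flags byte
A_FLAG = 0x40        # "autonomous" bit in the PIO flags byte

def parse_ra(msg):
    """Return (m_bit, [(prefix, a_bit), ...]) from a raw ICMPv6 RA."""
    if len(msg) < 16 or msg[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    m_bit, pios, off = bool(msg[5] & M_FLAG), [], 16
    while off < len(msg):
        if off + 2 > len(msg) or msg[off + 1] == 0:
            raise ValueError("malformed option")
        opt_type, opt_len = msg[off], msg[off + 1] * 8   # length is in 8-byte units
        if off + opt_len > len(msg):
            raise ValueError("truncated option")
        if opt_type == OPT_PIO:
            if opt_len != 32:
                raise ValueError("bad PIO length")
            net = ipaddress.IPv6Network((msg[off + 16:off + 32], msg[off + 2]), strict=False)
            pios.append((net, bool(msg[off + 3] & A_FLAG)))
        off += opt_len
    return m_bit, pios

def slaac_prefixes(msg):
    """Prefixes on which the quoted rules do not prevent SLAAC."""
    m_bit, pios = parse_ra(msg)
    if m_bit:                      # assumption: M=1 means DHCPv6 only
        return []
    return [net for net, a_bit in pios if a_bit]   # no PIO or A=0 -> no SLAAC

def build_ra(m_bit, pios):
    """Constructed sample RA for testing; checksum is left zero and not checked."""
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, M_FLAG if m_bit else 0, 1800, 0, 0)
    for prefix, a_bit in pios:
        net = ipaddress.IPv6Network(prefix)
        flags = 0x80 | (A_FLAG if a_bit else 0)    # L bit set, A bit as requested
        msg += struct.pack("!BBBBIII", OPT_PIO, 4, net.prefixlen, flags, 86400, 14400, 0)
        msg += net.network_address.packed
    return msg

if __name__ == "__main__":
    for m, pios in [(False, [("2001:db8:1::/64", True)]), (True, [("2001:db8:1::/64", True)]),
                    (False, []), (False, [("2001:db8:2::/64", False)])]:
        print(m, pios, "->", slaac_prefixes(build_ra(m, pios)))
```

The same check can be run over captured RAs on a segment to confirm that the advertised M and A bits match the intended DHCPv6-only or SLAAC policy.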