On Wed, Jun 10, 2015 at 11:51 AM, Matthew Huff <mh...@ox.com> wrote:

> +1
>
> One IP per device will almost most likely be the preference and
> implementation in corporate/enterprise deployments. Too much procedure,
> regulation and other roadblocks prevent any other solution.
>
> Authentication, Authorization, Accounting, ACLS, NMS, IDS, IP management,
> custom software, and other roadblocks will certainly stall if not stop IPv6
> deployments in enterprises if there isn’t at least the choice of static,
> single IPv6 addresses per device. SLAAC will probably be a complete
> non-starter in many corporate environments. It is in ours. The more
> ideologues preach about restoring peer-to-peer connectivity, dynamic IPs,
> privacy addresses, etc… the less penetration IPv6 will happen in corporate
> networks.

So, the critical piece of what you assert above appears to be "static", not "single". If a local address management system is always configured to hand out the same /N to the same device, there doesn't seem to be a requirement in the above that N=1.
Lorenzo has detailed why N=1 doesn't work for devices that need to use xlat or which might want to tether other devices; he's volunteered to work with folks on a document and to write code for the case where a device successfully gets a useful value of N>1. Can you help me understand why that doesn't work for you?

On the related topic of privacy addresses, I believe we should all be ready for increasing variability in MAC address emitted by devices, and that if you are intending to use MAC auth to assign that /N, you may now be or will soon be surprised. In addition to the work Apple has done and which can be done with Android, see the IEEE work here:

http://www.ieee802.org/PrivRecsg/

regards,

Ted