IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

Ray Soucy rps at maine.edu
Tue Nov 29 17:06:26 UTC 2011


We have an in-house IPAM system that's built on top of ISC DHCPd.

As far as DHCPd configuration is concerned we only ever hand out
static assignments; we have a different process that monitors
un-responded requests coming in; allocates an address from the
database (if permitted by the logic), and then dynamically updates
DHCPd via omapi with the [dynamic] static assignment.

It's a little more involved than that; but on a basic level, we only
hand out addresses (IPv4 or IPv6) to "registered" hosts in the
database.

A dhcpd.conf for IPv6 would look something like:

----8<----
subnet6 2001:db8:100:1442::/120 {option dhcp6.name-servers
2001:db8:100:820::b,2001:db8:100:482::7;}

host example-hostname.net.maine.edu {hardware ethernet
78:2b:cb:98:ab:cd; fixed-address6 2001:db8:100:1442::13;}
----8<----

An example using the DUID:

"host-identifier option dhcp6.client-id
00:01:00:01:11:ee:71:12:00:1a:a0:aa:aa:7f;"

Note that with newer versions of ISC DHCPd you can specify a MAC
address instead of a DUID; and if the DUID is based on that MAC it
will match.  Still waiting on ISC to allow us to also specify the
IAID, as it would be an issue if a host had multiple NICs in use,
since the DUID is shared, though, but there is always manual
configuration for that special case until then.

Using DHCPv6 to only hand out addresses to hosts we want to have an
address has allowed us to make IPv6 ubiquitous across our 7 member
universities, and participants in our R&E network.  Attempts to roll
out IPv6 with SLAAC was a non-starter politically; people don't like
the idea of every host on a subnet grabbing an IPv6 address unless
configured not to do so; especially when you consider security
concerns, and potential bugs with older IPv6 implementations (RHEL 3
and kernel panic when IPv6 connection is received, for example).

On Tue, Nov 29, 2011 at 11:46 AM, Leo Bicknell <bicknell at ufp.org> wrote:
> In a message written on Tue, Nov 29, 2011 at 11:39:06AM -0500, Ray Soucy wrote:
>> We run both systems, in production, using DHCPv6 on prefixes much
>> smaller than 64-bit (typically 120 or 119; we mirror whatever the IPv4
>> prefix length is).
>
> Can you explain a bit more about how this works?  My understanding
> of the current DHCPv6 implementations is that they had a hard
> assumption of a /64 prefix and the ability to do SLAAC and hear a
> valid RA in order to do DHCPv6.  Are you doing anything special to
> make this happen with smaller subnets?
>
> --
>       Leo Bicknell - bicknell at ufp.org - CCIE 3440
>        PGP keys at http://www.ufp.org/~bicknell/
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/




More information about the NANOG mailing list