How are you doing DHCPv6?

Randy Carpenter rcarpen at network1.net
Mon Jan 23 23:12:07 UTC 2012


Controlled by software = not constant.

It is also not likely to be something that is knowable on a piece of electronic gear that is not a PC, nor will it be something that can be printed on the outside of the device, like most today.

-Randy


----- Original Message -----
> Yes, DUID and IAID should be persistent on systems.  If they are not
> then they are not following the RFC.
> 
> Note that bad practices, though, can remove that persistence (e.g.
> deleting the DUID, or replicating the DUID on other systems).
> 
> On Mon, Jan 23, 2012 at 5:56 PM, Karl Auer <kauer at biplane.com.au>
> wrote:
> > On Mon, 2012-01-23 at 17:26 -0500, Randy Carpenter wrote:
> >> One major issue is that there is no way to associate a user's MAC
> >> (for IPv4) with their DUID. I haven't been able to find a way to
> >> account for this without making the user authenticate once for
> >> IPv4, and then again for IPv6. This is cumbersome to the user.
> >> Also, in the past there have been various reasons why we want to
> >> pre-authenticate a client's MAC address (mostly for game consoles,
> >> and such, which have the MAC written on the outside of the
> >> machine). How can this be done with IPv6, where the DUID is not
> >> constant?
> >
> > Perhaps I misunderstand you (or the RFCs) but it seems to me that
> > the DUID *is* constant. Reading section 9 of RFC 3315, it's pretty
> > clear that a DUID is generated once, according to simple rules, and
> > does not change once it has been generated. Barring intervention,
> > of course.
> >
> > The problem is how to either find out ahead of time what DUID a
> > client has OR how to impose a specific DUID on a client as part of
> > provisioning it. Neither of those issues looks particularly
> > intractable, especially if vendors start shipping with
> > pre-configured DUIDs that are written on the boxes.
> >
> > What do you mean by "authenticate"? Do you mean something like
> > 802.1x?
> >
> > Regards, K.
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Karl Auer (kauer at biplane.com.au)
> > http://www.biplane.com.au/kauer
> >
> > GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
> > Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
> 
> 
> 
> --
> Ray Soucy
> 
> Epic Communications Specialist
> 
> Phone: +1 (207) 561-3526
> 
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
> 
> 
> 
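
An added example, not part of the thread: a best-effort way to tie a DHCPv6 DUID back to a pre-registered MAC by parsing the three DUID formats defined in RFC 3315 section 9. The sample DUIDs, the `REGISTERED` table and the function names are constructed for illustration; a DUID-LLT or DUID-LL may carry the address of any interface present when the DUID was generated, and a DUID-EN carries none, so a miss is a normal outcome.

```python
import struct

# DUID type codes from RFC 3315 section 9
DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3
HW_ETHERNET = 1  # IANA hardware type for Ethernet
MIN_LEN = {DUID_LLT: 8, DUID_EN: 6, DUID_LL: 4}  # fixed header bytes per type

# Constructed sample values (not taken from the thread)
SAMPLE_LLT = "00:01:00:01:16:b0:2a:3c:00:11:22:33:44:55"
SAMPLE_LL = "00:03:00:01:00:11:22:33:44:55"
SAMPLE_EN = "00:02:00:00:ab:cd:01:02:03:04:05"
REGISTERED = {"00:11:22:33:44:55": "console-1"}  # hypothetical MAC -> owner table

def parse_duid(hex_duid):
    """Decode a DUID; 'mac' stays None when no Ethernet address is embedded."""
    raw = bytes.fromhex(hex_duid.replace(":", "").replace("-", ""))
    if len(raw) < 2:
        raise ValueError("DUID shorter than its 2-byte type field")
    (dtype,) = struct.unpack("!H", raw[:2])
    if len(raw) < MIN_LEN.get(dtype, 2):
        raise ValueError("truncated DUID of type %d" % dtype)
    info = {"type": dtype, "mac": None}
    if dtype == DUID_LLT:    # hw type, 32-bit generation time, link-layer address
        hw, info["time"] = struct.unpack("!HI", raw[2:8])
        lladdr = raw[8:]
    elif dtype == DUID_LL:   # hw type, link-layer address
        (hw,) = struct.unpack("!H", raw[2:4])
        lladdr = raw[4:]
    elif dtype == DUID_EN:   # enterprise number plus opaque vendor identifier
        (info["enterprise"],) = struct.unpack("!I", raw[2:6])
        return info
    else:                    # unknown type: treat as opaque
        return info
    if hw == HW_ETHERNET and len(lladdr) == 6:
        info["mac"] = ":".join("%02x" % b for b in lladdr)
    return info

def match_registration(hex_duid, registered_macs):
    """Return the registered owner for the MAC embedded in the DUID, or None."""
    mac = parse_duid(hex_duid)["mac"]
    return registered_macs.get(mac) if mac else None

if __name__ == "__main__":
    for duid in (SAMPLE_LLT, SAMPLE_LL, SAMPLE_EN):
        print(duid, "->", match_registration(duid, REGISTERED))
```
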



