Mac OS X 10.7, still no DHCPv6

Ray Soucy rps at maine.edu
Sun Feb 27 22:42:19 UTC 2011


You can write script to poll routers for IPv6 neighbors, and store
those in a database.  That will get you the IPv6 to MAC association.
Then poll L2 devices for MAC address tables for the MAC to port
association.

We've had such a system in place for a few years now to map addresses
to ports, etc., it also checks for rogue RA.  It's messy (and I don't
like the extra load it causes on routers).

If we had things like DHCPv6 snooping, RA guard (which you can
implement with PACLs), and IPv6 source verification we wouldn't need
it.

Thankfully most of these are all in the pipeline.

On Sun, Feb 27, 2011 at 5:32 PM, Karl Auer <kauer at biplane.com.au> wrote:
> On Sun, 2011-02-27 at 14:47 +0000, Leigh Porter wrote:
>> Does anybody have anything neat to keep logs of what host gets what
>> ipv6 address in an SLAAC environment?
>
> How do you define "what host"? If it's by MAC address (and you are not
> using temporary, cryptographic or random addresses), then the MAC is in
> the address the host ends up using.
>
> Also, as someone else said, hosts don't "get" addresses via SLAAC - they
> generate them. That means that while you may be able to predict what
> they *will* use, you would need to snoop NDP to find out what they *are*
> using, and even more so for temporary, cryptographic and random
> addresses.
>
> I have no experience of anything that actually does this, but it would
> be fairly simple to do. NDP will end up snooped in routers and switches
> for lots of reasons, so expect to see such features in real kit pretty
> soon. Make sure you let your vendor know what you want/need...
>
> Regards, K.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
> http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)
>
> GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
> Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/




More information about the NANOG mailing list