IPv6 "bloat"

• Previous message (by thread): IPv6 "bloat"
• Next message (by thread): IPv6 "bloat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks, I didn't think that they'd something that interfered with AAA. 
Using a MAC address as authentication seems sort of sketch to me in the 
first place.

Mike

On 3/19/22 4:14 PM, Tom Beecher wrote:
>
>     Primarily the ability to end-to-end authenticate end devices.   The
>     primary and largest glaring issue is that DHCPv6 from the client does
>     not include the MAC address, it includes the (I believe) UUID.
>
>
> DHCPv6 Option 79
>
> https://datatracker.ietf.org/doc/html/rfc6939
>
>
>
> On Sat, Mar 19, 2022 at 6:58 PM Matt Hoppes 
> <mattlists at rivervalleyinternet.net> wrote:
>
>
>
>     On 3/19/22 6:50 PM, Michael Thomas wrote:
>     >
>     > On 3/19/22 3:47 PM, Matt Hoppes wrote:
>     >> It has "features" which are at a minimum problematic and at a
>     maximum
>     >> show stoppers for network operators.
>     >>
>     >> IPv6 seems like it was designed to be a private network
>     communication
>     >> stack, and how an ISP would use and distribute it was a second
>     though.
>     >
>     > What might those be? And it doesn't seem to be a show stopper
>     for a lot
>     > of very large carriers.
>
>     Primarily the ability to end-to-end authenticate end devices.  The
>     primary and largest glaring issue is that DHCPv6 from the client does
>     not include the MAC address, it includes the (I believe) UUID.
>
>     We have to sniff the packets to figure out the MAC so that we can
>     authenticate the client and/or assign an IP address to the client
>     properly.
>
>     It depends how you're managing the network.  If you're running
>     PPPoE you
>     can encapsulate in that.   But PPPoE is very 1990 and has its own
>     set of
>     problems.  For those running encapsulated traffic, authentication
>     to the
>     modem MAC via DHCP that becomes broken.  And thus far, I have not
>     seen a
>     solution offered to it.
>
>
>     Secondly - and less importantly to deployment, IPv6 also provides a
>     layer of problematic tracking for advertisers.  Where as before many
>     devices were behind a PAT, now every device has a unique ID --
>     probably
>     for the life of the device. Marketers can now pinpoint down not
>     just to
>     an IP address that identifies a single NAT interface, but each
>     individual device.  This is problematic from a data collection
>     standpoint.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220319/e664e85f/attachment.html>

• Previous message (by thread): IPv6 "bloat"
• Next message (by thread): IPv6 "bloat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]