There are also devices that will try DHCPv6 regardless of the M/O bits. My HP printer was one.
Tim On 31 Mar 2020, at 04:29, Brian E Carpenter <[email protected]<mailto:[email protected]>> wrote: It seems that the router must be setting both the A bit (use SLAAC) and the M bit (use DHCPv6). So the host is obeying both. There's no real harm in it, in most circumstances. Fixing the ambiguity about what hosts should do about this has often been discussed in the IETF but there's never really been evidence that it's worth doing. Regards Brian Carpenter On 31-Mar-20 13:30, Roger Wiklund wrote: Hi I played around with IPv6 on my Mac today (Mac OS Catalina) and I noticed that besides the IP from DHCPv6 (dynamic) it's also generating two other addresses. ether aa:bb:cc:dd:ee:ff inet6 fe80::1cad:944f:df4a:d123%en0 prefixlen 64 secured scopeid 0x7 inet6 2001:123:44:55:1a:f346:1bef:b88a prefixlen 64 autoconf secured inet6 2001:123:44:55:20ac:49d2:68c5:595b prefixlen 64 autoconf temporary inet6 2001:123:44:55::101 prefixlen 64 dynamic I don't really know that the "secured" address is used for TBH (both autoconf are randomized and not based on the MAC) The temporary address is used for outgoing connections and is changed every so often. The dynamic address if from my DHPv6 server. I think Windows has the same behaivour. This got me thinking, if the temporary address is used as the outgoing source address, this gives me even less incentive to use DHCPv6. Especially since my Juniper SRX supports RDNSS via RA: https://tools.ietf.org/html/rfc8106 set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860::8888 lifetime 3600 set protocols router-advertisement interface ge-0/0/0.20 dns-server-address 2001:4860:4860::8844 lifetime 3600 set protocols router-advertisement interface ge-0/0/0.20 prefix 2001:123:44:55::/64 When I read DHCPv6 vs SLAAC it often boils down to "control" but I don't see the need to allocate a dynamic address if the autogenerated are used. For client's you dont really have any inbound connections unless it's a support case. What's your view on this? Thanks!
