Re: IPv6 Prefix Delegation to customers.
Hi, > > Where I am struggling is the Prefix Delegation part. How are most > folks getting the PD subnets into their IGPs? In my environment I > don’t run the DHCP server process on the router that is directly > connected to the clients. > Our project dhcpy6d allows to call some command when a prefix has been delegated. This can be used to set this route via a ssh on the router device. Maybe this would work for you too? Best regards -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper- u. Werkstoffforschung Dresden tel: +49 (3 51) 46 59 - 797 email: h.w...@ifw-dresden.de https://www.ifw-dresden.de Nagios status monitor Nagstamon: https://nagstamon.ifw-dresden.de DHCPv6 server dhcpy6d: https://dhcpy6d.ifw-dresden.de S/MIME: https://nagstamon.ifw-dresden.de/pubkeys/smime.pem PGP: https://nagstamon.ifw-dresden.de/pubkeys/pgp.asc smime.p7s Description: S/MIME Cryptographic Signature
DHCPv6 relay software with RFC 6939 support
Hello world, does anybody know of an open-source DHCPv6 relay software which supports client link-layer option as in RFC 6939? Thanks and regards Henri -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper- u. Werkstoffforschung Dresden tel: +49 (3 51) 46 59 - 797 email: h.w...@ifw-dresden.de https://www.ifw-dresden.de Nagios status monitor Nagstamon: https://nagstamon.ifw-dresden.de DHCPv6 server dhcpy6d: https://dhcpy6d.ifw-dresden.de S/MIME: https://nagstamon.ifw-dresden.de/pubkeys/smime.pem PGP: https://nagstamon.ifw-dresden.de/pubkeys/pgp.asc IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Burkard Hillebrands, Dr. Doreen Kirmse 0x83E6CEC2.asc Description: application/pgp-keys 0x83E6CEC2.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: IPv6 Security
> It is reality. DHCPv6 needs to take reality into account. > One modest attempt to do so is dhcpy6d at https://dhcpy6d.ifw-dresden.de. Still work in progress and might not fit into every environment but helps some others. Regards -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper- u. Werkstoffforschung Dresden tel: (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de Nagios status monitor Nagstamon: http://nagstamon.ifw-dresden.de DHCPv6 server dhcpy6d: http://dhcpy6d.ifw-dresden.de IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper- u. Werkstoffforschung Dresden tel: (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de Nagios status monitor Nagstamon: http://nagstamon.ifw-dresden.de DHCPv6 server dhcpy6d: http://dhcpy6d.ifw-dresden.de IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle signature.asc Description: OpenPGP digital signature
Microsoft security contact
Hello, can someone from Microsoft responsible for security contact me off-list please? Thanks & regards -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper- u. Werkstoffforschung Dresden tel: (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de Nagios status monitor Nagstamon: http://nagstamon.ifw-dresden.de DHCPv6 server dhcpy6d: http://dhcpy6d.ifw-dresden.de IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle signature.asc Description: OpenPGP digital signature
dhcpy6d - a MAC address aware DHCPv6 server
Hello World, like other people we had the problem that existing DHCPv6 servers do not evaluate the MAC address of clients, following RFC 3315. The IPv4 clients already are managed via their MAC addresses so we wanted to use these identifiers for IPv6 too for our dualstack network. At the end we had to write our own DHCPv6 server dhcpy6d which I want to present here to a larger audience. It runs on Linux, tested on Debian and CentOS. It gets the client MAC addresses from neighbor cache by calling "ip -6 neigh" and caches them itself, allowing to access the already working MAC-based IPv4 infrastructure. This obviously only works on the local subnet but might be worked around with several servers being connected via database storage of clients and leases. Features are: - identifies clients by MAC address, DUID or hostname - generates addresses randomly, by MAC address, by range or by given ID - filters clients by MAC, DUID or hostname - assignes more than one address per client - allows to organize clients in different classes - stores leases in MySQL or SQLite database - client information can be retrieved from database or textfile - dynamically updates DNS (Bind) We run it with ~500 clients without problems. I am interested if it would run in larger environments too. If not, how to make it running. Bugs and ideas how to improve it are welcome too. Packages are not yet available but the Python code should run as is. See further details at http://dhcpy6d.ifw-dresden.de Best regards Henri Wahl -- Henri Wahl IT Department Leibniz-Institut für Festkörper- u. Werkstoffforschung Dresden tel. (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de Nagios status monitor for your desktop: http://nagstamon.ifw-dresden.de IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: dhcpy6d - a MAC address aware DHCPv6 server
Hi, > If you're on local subnet, why not pull the MAC address out of the > received packet? > The used SocketServer module of Python has no support for raw sockets, as far as I see. Let me know if there is a way to get the MAC in a cleaner way. > Further, what happens to this when IPv4 goes away? > Will that day ever come? :-) I think until this day a lot of RFCs will be written. This server here just allows to make transistion easier. And, it also allows the use of DUIDs, so it might work in an IPv6-only world. Regards Henri -- Henri Wahl IT Department Leibniz-Institut für Festkörper- u. Werkstoffforschung Dresden tel. (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de http://nagstamon.ifw-dresden.de http://dhcpy6d.ifw-dresden.de IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: dhcpy6d - a MAC address aware DHCPv6 server
Hi Owen, > |ioctl(sock, SIOCGIFADDR, &ifr)| > > Shouldn't that do the trick? I don't know if Python can do that or not, but > if it can't, that's pretty weak. > > As far as I was able to find out this only gives back the local MAC address which is of no use here. To be independent of external call I at least for Linux managed to access neighbor cache via netlink socket as the "ip" command itself does. Thus no external call is necessary anymore. Regards Henri -- Henri Wahl IT Department Leibniz-Institut für Festkörper- u. Werkstoffforschung Dresden tel. (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de http://nagstamon.ifw-dresden.de http://dhcpy6d.ifw-dresden.de IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: How are you doing DHCPv6 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > So back in 2012 there was some discussion on DHCPv6 and the > challenge of using a DUID in a dual-stack environment where > MAC-based assignments are already happening though an IPAM. > Have a look at https://dhcpy6d.ifw-dresden.de, our MAC address aware DHCPv6 server. Uses neighbor cache to get the MACs. Might only work in smaller environments but does its job. Regards Henri - -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper- u. Werkstoffforschung Dresden tel: +49 (3 51) 46 59 - 797 email: h.w...@ifw-dresden.de https://www.ifw-dresden.de Nagios status monitor Nagstamon: https://nagstamon.ifw-dresden.de DHCPv6 server dhcpy6d: https://dhcpy6d.ifw-dresden.de S/MIME: https://nagstamon.ifw-dresden.de/pubkeys/smime.pem PGP: https://nagstamon.ifw-dresden.de/pubkeys/pgp.asc IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Manfred Hennecke, Kaufmännische Direktorin i. V. Dipl.-Kffr. Friederike Jaeger -BEGIN PGP SIGNATURE- Version: GnuPG v2 iEYEARECAAYFAlUc8M4ACgkQnmb3Nh+6CUKSWwCaAqEcs4aywaaS8z4F5Ah6A0V/ aSIAn3WoD2dKEtlWrhdKdAS9UU9tMoPG =5OJu -END PGP SIGNATURE-
blogs.cisco.com not available via IPv6
Hi, can anybody from Cisco confirm that blogs.cisco.com (2001:4800:13c1:10::178) is not available via IPv6? Regards -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper- u. Werkstoffforschung Dresden tel: (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de Nagios status monitor Nagstamon: http://nagstamon.ifw-dresden.de DHCPv6 server dhcpy6d: http://dhcpy6d.ifw-dresden.de IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle 0x1FBA0942.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
