Re: Mac OS X 10.7, still no DHCPv6

2011-03-04 Thread Ray Soucy
One issue with this is that distributions like RHEL don't open DHCPv6 in the default firewall policy. On Mar 4, 2011 7:17 AM, "Jay Cornwall" wrote: > On Fri, 4 Mar 2011 00:24:48 + (UTC), Bernhard Schmidt wrote: > >> Mikael Abrahamsson wrote: >> >>> On a more serious note, I can on my Ubuntu

Re: Mac OS X 10.7, still no DHCPv6

2011-03-04 Thread Jay Cornwall
On Fri, 4 Mar 2011 00:24:48 + (UTC), Bernhard Schmidt wrote: Mikael Abrahamsson wrote: On a more serious note, I can on my Ubuntu machine just "apt-get install wide-dhcpv6-client" and I get dhcpv6, it'll properly put stuff in resolv.conf for dns-over-ipv6 transport, even though the conne

Re: Mac OS X 10.7, still no DHCPv6

2011-03-03 Thread Bernhard Schmidt
Mikael Abrahamsson wrote: > On a more serious note, I can on my Ubuntu machine just "apt-get install > wide-dhcpv6-client" and I get dhcpv6, it'll properly put stuff in > resolv.conf for dns-over-ipv6 transport, even though the connection > manager knows nothing about it, at least dual stack w

Re: Mac OS X 10.7, still no DHCPv6

2011-03-01 Thread Nick Hilliard
On 01/03/2011 04:24, Joel Jaeggli wrote: Oddly enough the meeting NOC is in the business of providing services to customers and we generally assume that to be with the highest availability and minimum breakage feasible under the circumstances... That is exactly my point. [...] I am mystifi

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
On Feb 28, 2011, at 9:23 PM, Mark Newton wrote: > > On 01/03/2011, at 1:23 AM, Brian Johnson wrote: > >> Can someone explain what exactly the security threat is? > > > If I see two IPv6 addresses which share the same 64 bit suffix, > I can be reasonably certain that they both correspond to th

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joel Jaeggli
On 2/28/11 9:34 PM, Dobbins, Roland wrote: > > On Mar 1, 2011, at 12:23 PM, Mark Newton wrote: > >> That's new, and (to my mind) threatening. We've not even begun to >> consider the attack vectors that'll open up. given that rfc 3041 had its 10th birthday in january there's nothing new about a

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Mar 1, 2011, at 12:23 PM, Mark Newton wrote: > That's new, and (to my mind) threatening. We've not even begun to consider > the attack vectors that'll open up. I don't think it's new at all, given the amount of information available today that you already cite, down to and including sniff

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Mark Newton
On 01/03/2011, at 1:23 AM, Brian Johnson wrote: > Can someone explain what exactly the security threat is? If I see two IPv6 addresses which share the same 64 bit suffix, I can be reasonably certain that they both correspond to the same device because they'll both be generated by the same MAC a

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joel Jaeggli
On 2/28/11 6:51 AM, Nick Hilliard wrote: > I will be a lot more sympathetic about listening to arguments / > explanations about this insanity the day that the IETF filters out arp > and ipv4 packets from the conference network and depends entirely on > ipv6 for connectivity for the entire conferenc

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joel Jaeggli
On 2/28/11 6:48 AM, Jeff Kell wrote: > On 2/28/2011 8:44 AM, Dobbins, Roland wrote: >> On Feb 28, 2011, at 8:40 PM, Jim Gettys wrote: >>> Again, having a permanently known identifier being broadcast all the time >>> is potentially a serious security/safety issue. >> We already have this with MA

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
On Feb 28, 2011, at 5:35 PM, Dobbins, Roland wrote: > > On Mar 1, 2011, at 7:00 AM, Owen DeLong wrote: > >> In five years we should be just about ready to start deprecating IPv4, if >> not already beginning to do so. > > > That's been said about so many things, from various legacy OSes to ot

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Richard Barnes
>>       Anyone care to start the IPv4 dead pool, Price is Right >> style, for when the last v4 NLRI is removed from the DFZ? > > That's funny, I don't care what galaxy you're from :) So that puts your bet at more than 25,000 years?

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Brett Watson
On Feb 28, 2011, at 6:38 PM, Majdi S. Abbas wrote: > Anyone care to start the IPv4 dead pool, Price is Right > style, for when the last v4 NLRI is removed from the DFZ? That's funny, I don't care what galaxy you're from :) -b

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Majdi S. Abbas
On Mon, Feb 28, 2011 at 04:00:16PM -0800, Owen DeLong wrote: > Ready or not, IPv6-only (or reasonably IPv6-only) residential > customers are less than 2 years out, so, well within > your 5-year planning horizon, whether those ISPs see that or > not. Denial is an impressive human phenomenon.

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Mar 1, 2011, at 7:00 AM, Owen DeLong wrote: > In five years we should be just about ready to start deprecating IPv4, if not > already beginning to do so. That's been said about so many things, from various legacy OSes to other protocols such as SNA and SMB/CIFS. None of those things are

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 9:16 PM, Leo Bicknell wrote: > Those who designed IPv6 appear to have ignored the problem space. This is true of many, many aspects of IPv6. And those of us who didn't get involved in the process to try and address (pardon the pun, heh) those problems bear a burden of the

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
> Small (say, under 50,000 customer) ISPs in my experience have a planning > horizon which is less than five years from now. Anything further out than > that is not "foreseeable" in the sense that I meant it. I have much less > first-hand experience with large, carrier-sized ISPs and what I have

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Cameron Byrne
On Feb 28, 2011 12:28 PM, "Randy Bush" wrote: > > > It's hard to see v6-only networks as a viable, general-purpose > > solution to anything in the foreseeable future. I'm not sure why > > people keep fixating on that as an end goal. The future we ought to be > > working towards is a consistent, re

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joe Abley
On 2011-02-28, at 17:04, Owen DeLong wrote: > On Feb 28, 2011, at 12:34 PM, Joe Abley wrote: > >> On 2011-02-28, at 15:27, Randy Bush wrote: >> >>> o if ipv6 can not operate as the only protocol, and we will be out >>> of ipv4 space and have to deploy 6-only networks, it damned well >>> bette

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
On Feb 28, 2011, at 12:34 PM, Joe Abley wrote: > > On 2011-02-28, at 15:27, Randy Bush wrote: > >> o if ipv6 can not operate as the only protocol, and we will be out >> of ipv4 space and have to deploy 6-only networks, it damned well >> better be able to stand on its own. > > Do you think

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Mark Andrews
In message <28d10d13-988b-4c7d-833b-eba6e1bc1...@hopcount.ca>, Joe Abley writes: > > On 2011-02-28, at 09:51, Nick Hilliard wrote: > > > I will be a lot more sympathetic about listening to arguments / > explanations about this insanity the day that the IETF filters out arp > and ipv4 packet

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Leo Bicknell
In a message written on Mon, Feb 28, 2011 at 06:49:36PM +1100, Karl Auer wrote: > I do think though, that assuming DHCP is the way to get some of these > things might be shooting from the hip. Perhaps there is a better way, > with IPv6? DHCP is a terrible protocol for 2011, and will be an old scho

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Randy Bush
> Dual stack isn't always the best approach. For networks that pass a > large amount of traffic to a relatively small number of destinations, > NAT64/DNS64 on a native v6 platform might be a better migration > approach. If 90% of your traffic is v6, it is probably less trouble to > use NAT64/DNS6

RE: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread George Bonser
> From: Randy Bush > Sent: Monday, February 28, 2011 12:27 PM > To: Joe Abley > Cc: NANOG Operators' Group > Subject: Re: Mac OS X 10.7, still no DHCPv6 > > > It's hard to see v6-only networks as a viable, general-purpose > > solution to anything in

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joe Abley
On 2011-02-28, at 15:38, Randy Bush wrote: > you may want to read your words and the thread which followed. The phrase you apparently missed (or which was not sufficient for me to explain myself clearly) was "viable, general-purpose solution". Joe

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Jeff Kell
On 2/27/2011 11:53 PM, Franck Martin wrote: > No, when I first played with IPv6 only network, I found out that RD was > silly, it gives an IP address but no DNS, and you have to rely on IPv4 to do > that. silly, so my understanding is then people saw the mistake, and added > some DNS resolution

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Randy Bush
>> o if ipv6 can not operate as the only protocol, and we will be out >>of ipv4 space and have to deploy 6-only networks, it damned well >>better be able to stand on its own. > > Do you think I was suggesting that IPv6 as a protocol doesn't need to > be able to stand on its own two feet?

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joe Abley
On 2011-02-28, at 15:27, Randy Bush wrote: > o if ipv6 can not operate as the only protocol, and we will be out >of ipv4 space and have to deploy 6-only networks, it damned well >better be able to stand on its own. Do you think I was suggesting that IPv6 as a protocol doesn't need to be

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Randy Bush
> It's hard to see v6-only networks as a viable, general-purpose > solution to anything in the foreseeable future. I'm not sure why > people keep fixating on that as an end goal. The future we ought to be > working towards is a consistent, reliable, dual-stack > environment. There's no point worryi

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Cameron Byrne
On Feb 28, 2011 8:45 AM, "Owen DeLong" wrote: > > > On Feb 28, 2011, at 7:34 AM, Joe Abley wrote: > > > > > On 2011-02-28, at 10:27, Nick Hilliard wrote: > > > >> On 28/02/2011 14:59, Joe Abley wrote: > >>> I'm not sure why people keep > >>> fixating on that as an end goal. The future we ought to

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Leigh Porter
On 28 Feb 2011, at 16:57, valdis.kletni...@vt.edu wrote: > On Mon, 28 Feb 2011 10:04:23 EST, Joe Abley said: >> I don't think this has ever been cited as a global, general threat that >> must be eliminated (just as people are generally happy to use the same >> credit card as they move around the

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Valdis . Kletnieks
On Mon, 28 Feb 2011 10:04:23 EST, Joe Abley said: > I don't think this has ever been cited as a global, general threat that > must be eliminated (just as people are generally happy to use the same > credit card as they move around the planet and don't generally stress > about the implications). It

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
On Feb 28, 2011, at 7:34 AM, Joe Abley wrote: > > On 2011-02-28, at 10:27, Nick Hilliard wrote: > >> On 28/02/2011 14:59, Joe Abley wrote: >>> I'm not sure why people keep >>> fixating on that as an end goal. The future we ought to be working >>> towards is a consistent, reliable, dual-stack en

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 11:15 PM, Nick Hilliard wrote: > At that moment, Dobbins and Abley were enlightened. hahaha ;> Hey, I think dual-stack is pretty ugly - just that it's less ugly than getting no operational experience with IPv6 at all on production networks until some point in the indeterm

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 11:14 PM, Owen DeLong wrote: > IPv6-only viability is the real goal. This is, in the long run, a > transition from v4 to v6. Dual-stack is an interim stop-gap, not an end > solution. I think most everyone agrees with this. However, getting experience with dual-stack is b

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Ray Soucy
1. Multiple subnets on the same media that are intended for different hosts and have different routers are no longer feasible. (Yes, you can argue they're less than desirable in IPv4 and I would agree, but, they exist in the real world

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
On Feb 28, 2011, at 6:59 AM, Joe Abley wrote: > > On 2011-02-28, at 09:51, Nick Hilliard wrote: > >> I will be a lot more sympathetic about listening to arguments / explanations >> about this insanity the day that the IETF filters out arp and ipv4 packets >> from the conference network and de

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Nick Hilliard
On 28/02/2011 15:45, Dobbins, Roland wrote: At that moment, the master was enlightened. One day a master from another monastery came upon Dobbins and Abley as they were watching a 14 year-old cripple learning how to fly. "I do not believe we should waste time teaching children to walk", said

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
> Really, if you look back at the archives of this list these arguments > are starting to get "silly" as you put it. > Yes and no... > It seems that every few months, as people discover that IPv6 isn't > going away and they should brush up on it, people go through this > process of debating the w

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 10:27 PM, Nick Hilliard wrote: > We haven't got there because I can't plug in my laptop into any arbitrary > ipv6-only network and expect to be able to load up ipv6.google.com. - One day a master from another monastery came upon Abley as he was watching a young child s

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 10:27 PM, Owen DeLong wrote: > Having a MAC address as a permanent identifier is a very different problem > from having that MAC address go into a layer 3 protocol field. Given the plethora of identifiable information already frothing around in our data wakes, I'm unsure t

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joe Abley
On 2011-02-28, at 10:27, Nick Hilliard wrote: > On 28/02/2011 14:59, Joe Abley wrote: >> I'm not sure why people keep >> fixating on that as an end goal. The future we ought to be working >> towards is a consistent, reliable, dual-stack environment. There's no >> point worrying about v6-only oper

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Owen DeLong
On Feb 28, 2011, at 5:44 AM, Dobbins, Roland wrote: > > On Feb 28, 2011, at 8:40 PM, Jim Gettys wrote: > >> Again, having a permanently known identifier being broadcast all the time is >> potentially a serious security/safety issue. > > > We already have this with MAC addresses, unless fo

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Nick Hilliard
On 28/02/2011 14:59, Joe Abley wrote: I'm not sure why people keep fixating on that as an end goal. The future we ought to be working towards is a consistent, reliable, dual-stack environment. There's no point worrying about v6-only operations if we can't get dual-stack working reliably. That's

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 9:59 PM, Joe Abley wrote: > There's no point worrying about v6-only operations if we can't get > dual-stack working reliably. I think this is the most insightful, cogent, and pertinent comment made regarding IPv6 in just about any medium at any time. [Yes, I know that dua

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joe Abley
On 2011-02-28, at 09:53, Brian Johnson wrote: > Can someone explain what exactly the security threat is? The threat model relates to the ability for a third party to be able to identify what subnets a single device has moved between, which is possible with MAC-embedded IPv6 addresses but not p

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joe Abley
On 2011-02-28, at 09:51, Nick Hilliard wrote: > I will be a lot more sympathetic about listening to arguments / explanations > about this insanity the day that the IETF filters out arp and ipv4 packets > from the conference network and depends entirely on ipv6 for connectivity for > the entire

RE: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Brian Johnson
>-Original Message- >From: Jeff Kell [mailto:jeff-k...@utc.edu] >Sent: Monday, February 28, 2011 8:49 AM >To: Dobbins, Roland >Cc: nanog group >Subject: Re: Mac OS X 10.7, still no DHCPv6 > >On 2/28/2011 8:44 AM, Dobbins, Roland wrote: >> On Feb 28, 2011

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Nick Hilliard
On 28/02/2011 13:52, Ray Soucy wrote: The real point, initially at least, for stateless addressing was to make the Link-Local scope work. It's brilliantly elegant. It allows all IPv6 configuration to be made over IPv6 (and thus use sane constructs like multicast to do it). Wonderful, brillian

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Jeff Kell
On 2/28/2011 8:44 AM, Dobbins, Roland wrote: > On Feb 28, 2011, at 8:40 PM, Jim Gettys wrote: >> Again, having a permanently known identifier being broadcast all the time is >> potentially a serious security/safety issue. > We already have this with MAC addresses, unless folks bother to periodi

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 9:01 PM, Joe Abley wrote: > By embedding the MAC into the layer-3 address, the concern is that the > information becomes accessible Internet-wide. Given the toxicity of hotel networks alone, my guess is that it already is pretty much available Internet-wide, at least to

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Joe Abley
On 2011-02-28, at 08:44, Dobbins, Roland wrote: > On Feb 28, 2011, at 8:40 PM, Jim Gettys wrote: > >> Again, having a permanently known identifier being broadcast all the time is >> potentially a serious security/safety issue. > > We already have this with MAC addresses, unless folks bother

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Jim Gettys
On 02/28/2011 08:44 AM, Dobbins, Roland wrote: On Feb 28, 2011, at 8:40 PM, Jim Gettys wrote: Again, having a permanently known identifier being broadcast all the time is potentially a serious security/safety issue. We already have this with MAC addresses, unless folks bother to periodic

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 8:52 PM, Ray Soucy wrote: > IPv6 is simple, elegant, and flexible. This is the first time I've ever seen 'IPv6' in the same sentence with 'simple', 'elegant', or 'flexible', unless preceded by 'not'. ;> -

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Ray Soucy
e root servers did not even have an > IPv6 address: silly! > > So I really don't care between RD and DHCPv6, what I care, is that they > should be able to do their job correctly on their own. > > - Original Message - > From: "Owen DeLong" > To: "

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 8:40 PM, Jim Gettys wrote: > Again, having a permanently known identifier being broadcast all the time is > potentially a serious security/safety issue. We already have this with MAC addresses, unless folks bother to periodically change them, do we not? ---

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Jim Gettys
On 02/28/2011 08:25 AM, Steven Bellovin wrote: On Feb 28, 2011, at 1:10 21AM, Randy Bush wrote: I'm not saying there are no uses for DHCPv6, though I suspect that some of the reasons proposed are more people wanting to do things the way they always do, rather than making small changes and endi

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Steven Bellovin
On Feb 28, 2011, at 1:10 21AM, Randy Bush wrote: >> I'm not saying there are no uses for DHCPv6, though I suspect >> that some of the reasons proposed are more people wanting to do >> things the way they always do, rather than making small changes >> and ending up with equivalent effort. > > add

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Dobbins, Roland
On Feb 28, 2011, at 7:35 PM, Tony Finch wrote: > It ought to be possible to look at SMB or mDNS messages to get more > information about what the host claims to be... We can't trust those, they're easily manipulated and/or situationally-irrelevant. Or not present at all, if the endpoint cu

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Tony Finch
On Sun, 27 Feb 2011, Owen DeLong wrote: > But the ND messages don't tell you anything other than the Mac > address about which host it actually is. In theory, at least, snooping > the DHCP messages might include a hostname or some other > useful identifier. It ought to be possible to look at SMB

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Mark Andrews
In message <1298850835.2109.33.camel@karl>, Karl Auer writes: > On Mon, 2011-02-28 at 09:39 +1100, Mark Andrews wrote: > > DHCP kills privacy addresses. > > DHCP kills CGAs. > > For temporary addresses couldn't a client clamp the upper limits of its > received lifetimes to the desired lifetimes,

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Daniel Roesen
On Sun, Feb 27, 2011 at 05:55:53PM -0800, Owen DeLong wrote: > The lack of NTP and certain other options in SLAAC is still a > disappointment and I would argue that a fully matured SLAAC process > would include a mechanism for specifying extensible choices of things. That's O=1 and stateless DHCPv

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Mohacsi Janos
On Sun, 27 Feb 2011, Ray Soucy wrote: (I'm just waiting for Apple's lawyers to try and get names out of me...) But yes, it does appear that Apple is addressing the issue: 8< cat /etc/ip6addrctl.conf # default policy table based on RFC 3484. # usage: ip6addrctl install path_to_this_fil

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Karl Auer
On Mon, 2011-02-28 at 12:57 +1100, Mark Andrews wrote: > Except in the scenarios being described they are also blocking the > other addresses. I would also think setting the "M" bit would > prelude the host from generating such addresses as they are unmanaged. I think the M flag says "you can get

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Karl Auer
On Mon, 2011-02-28 at 09:39 +1100, Mark Andrews wrote: > DHCP kills privacy addresses. > DHCP kills CGAs. For temporary addresses couldn't a client clamp the upper limits of its received lifetimes to the desired lifetimes, then rebind instead of renew, sending a DECLINE if it gets the same address

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Karl Auer
On Sun, 2011-02-27 at 12:30 -1000, Antonio Querubin wrote: > On Mon, 28 Feb 2011, Karl Auer wrote: > > > Well - that draft very recently (i.e., only a few months, if that) > > became standards track, so it'll be a while before it's built into > > everything as a matter of course, but yes, it's "fi

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Randy Bush
> I'm not saying there are no uses for DHCPv6, though I suspect > that some of the reasons proposed are more people wanting to do > things the way they always do, rather than making small changes > and ending up with equivalent effort. add noc and doc costs of all changes, please randy

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Paul Vixie
there are two replies here. --- Christopher Morrow writes: > ..., what's the harm in dhcpv6? (different strokes and all that) only the egos and reputations of those who said that stateless autoconf was all ipv6 needed. (which is a small price to pay, according to me.) --- "Dobbins, Roland"

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Franck Martin
PM, Franck Martin wrote: > Yes I don't understand why we need DHCPv6, true RD did not have DNS > information to pass, but that is fixed, no? > > - Original Message - > From: "Matthew Palmer" > To: nanog@nanog.org > Sent: Sunday, 27 February, 2011 4:06:

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Dobbins, Roland
On Feb 28, 2011, at 10:47 AM, Steven Bellovin wrote: > You really need to look at switch logs for that, even with IPv4: > http://www.cs.columbia.edu/~smb/talks/arp-attack.pdf And flow telemetry, and so forth, yes. With BCP deployment in terms of anti-ARP-spoofing and DHCP snooping/source guar

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Mikael Abrahamsson
On Sun, 27 Feb 2011, Steven Bellovin wrote: I'm not saying there are no uses for DHCPv6, though I suspect that some of the reasons proposed are more people wanting to do things the way they always do, rather than making small changes and ending up with equivalent effort. I am saying that secu

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Jeff Wheeler
On Sun, Feb 27, 2011 at 5:16 PM, Ray Soucy wrote: > This seems to have upset at least one Apple engineer who dropped the > NDA bomb on me; while he didn't confirm it was there, he did imply it, > and it did make me have people give a second look. (I tried to get him > to admit it but he's obviousl

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Steven Bellovin
On Feb 27, 2011, at 10:25 25AM, Dobbins, Roland wrote: > > On Feb 27, 2011, at 10:22 PM, Mikael Abrahamsson wrote: > >> Which is one of the reasons why some of us want DHCPv6 support in hosts. > > Also for traceback when hunting down compromised/abusive hosts. > You really need to look at swi

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Owen DeLong
On Feb 27, 2011, at 3:41 PM, Tore Anderson wrote: > * Owen DeLong > >> On Feb 27, 2011, at 4:21 AM, Randy Bush wrote: >> >>> NOC: are you running a macintosh? >>> User: yes, how did you guess? >>> NOC: because it is broken. get vista. >> >> While I'm as big a fan of IPv6 as anybody, I think i

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Owen DeLong
n wrote: >> >>> Yes I don't understand why we need DHCPv6, true RD did not have DNS >>> information to pass, but that is fixed, no? >>> >>> - Original Message - >>> From: "Matthew Palmer" >>> To: nanog@nanog.org >>>

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Mark Andrews
In message <20110228013421.ga32...@ussenterprise.ufp.org>, Leo Bicknell writes: > In a message written on Mon, Feb 28, 2011 at 09:39:24AM +1100, Mark Andrews > wrote: > > Have you *asked* your vendors for an alternate solution? > > > > DHCP kills privacy addresses. > > DHCP kills CGAs. > > No

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Christopher Morrow
On Sun, Feb 27, 2011 at 4:25 PM, Franck Martin wrote: > Yes I don't understand why we need DHCPv6, true RD did not have DNS > information to pass, but that is fixed, no? > where's my tftp-boot image location? root nfs mount? pick lots of other features used

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Leo Bicknell
In a message written on Mon, Feb 28, 2011 at 09:39:24AM +1100, Mark Andrews wrote: > Have you *asked* your vendors for an alternate solution? > > DHCP kills privacy addresses. > DHCP kills CGAs. Not true. Some would like to use DHCPv6 to hand a host things like DNS servers, NTP servers, PXE boot

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Ray Soucy
(I'm just waiting for Apple's lawyers to try and get names out of me...) But yes, it does appear that Apple is addressing the issue: 8< cat /etc/ip6addrctl.conf # default policy table based on RFC 3484. # usage: ip6addrctl install path_to_this_file # # $FreeBSD$ # #Format: #Prefix Pr

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Tore Anderson
* Owen DeLong > On Feb 27, 2011, at 4:21 AM, Randy Bush wrote: > >> NOC: are you running a macintosh? >> User: yes, how did you guess? >> NOC: because it is broken. get vista. > > While I'm as big a fan of IPv6 as anybody, I think in a comparison of > relative brokenness, Mac comes out quite fa

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Mark Andrews
In message , Owen DeLong writes: > > On Feb 27, 2011, at 2:39 PM, Mark Andrews wrote: > > > > > In message <20110227204511.gm27...@virtual.bogons.net>, Simon Lockhart > writes: > >> On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: > This is often required for legislation c

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Doug Barton
On 02/27/2011 15:08, Owen DeLong wrote: Look, can we stop arguing about whether someone needs DHCP or not, whether they need SLAAC or not. Let's just get both solutions to a mature and useful state where a network administrator can pick the one that works best for their environment and move on.

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Joel Jaeggli
On 2/27/11 3:17 PM, Owen DeLong wrote: > > On Feb 27, 2011, at 2:39 PM, Mark Andrews wrote: > >> >> In message <20110227204511.gm27...@virtual.bogons.net>, Simon Lockhart >> writes: >>> On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: > This is often required for legislation comp

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Joel Jaeggli
"Matthew Palmer" >> To: nanog@nanog.org >> Sent: Sunday, 27 February, 2011 4:06:29 PM >> Subject: Re: Mac OS X 10.7, still no DHCPv6 >> >> On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: >>> Mac OS X 10.7 does support RDNSS (RFC 5001) so it i

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Owen DeLong
On Feb 27, 2011, at 2:39 PM, Mark Andrews wrote: > > In message <20110227204511.gm27...@virtual.bogons.net>, Simon Lockhart writes: >> On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: This is often required for legislation compliance. DHCP does this well. >>> >>> Does it really

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Doug Barton
On 02/27/2011 14:39, Mark Andrews wrote: DHCP kills privacy addresses. DHCP kills CGAs. In some environments that's a feature. :) Also, I think people forget the original motivation behind privacy addresses. If you use RA/SLAAC on every different network that you use IPv6 (say, with your lap

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Owen DeLong
nderstand why we need DHCPv6, true RD did not have DNS > information to pass, but that is fixed, no? > > - Original Message - > From: "Matthew Palmer" > To: nanog@nanog.org > Sent: Sunday, 27 February, 2011 4:06:29 PM > Subject: Re: Mac OS X 10.7, still

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Owen DeLong
But the ND messages don't tell you anything other than the Mac address about which host it actually is. In theory, at least, snooping the DHCP messages might include a hostname or some other useful identifier. Owen On Feb 27, 2011, at 11:53 AM, Richard Barnes wrote: > In fairness, said device ca

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Ray Soucy
You can write script to poll routers for IPv6 neighbors, and store those in a database. That will get you the IPv6 to MAC association. Then poll L2 devices for MAC address tables for the MAC to port association. We've had such a system in place for a few years now to map addresses to ports, etc.,

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Mark Andrews
In message <20110227204511.gm27...@virtual.bogons.net>, Simon Lockhart writes: > On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: > > > This is often required for legislation compliance. DHCP does this well. > > > > Does it really matter what address a customer has as long as it comes

RE: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread George Bonser
> From: Leigh Porter > Sent: Sunday, February 27, 2011 6:48 AM > To: Chuck Anderson > Cc: nanog@nanog.org; I2 IPv6 working group > Subject: Re: Mac OS X 10.7, still no DHCPv6 > > > > Does anybody have anything neat to keep logs of what host gets what > ipv6 a

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Owen DeLong
On Feb 27, 2011, at 4:21 AM, Randy Bush wrote: >>> You're going to have to perform stateless autoconfiguration in ipv6 >>> and provide an ipv4 nameserver at the very minimum for a long time >> apple is gonna look very very st00pid on world ipv6 day. and a bunch >> of folk are considering not turn

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Antonio Querubin
On Mon, 28 Feb 2011, Karl Auer wrote: Well - that draft very recently (i.e., only a few months, if that) became standards track, so it'll be a while before it's built into everything as a matter of course, but yes, it's "fixed". RFC 6109.

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Karl Auer
On Sun, 2011-02-27 at 14:47 +, Leigh Porter wrote: > Does anybody have anything neat to keep logs of what host gets what > ipv6 address in an SLAAC environment? How do you define "what host"? If it's by MAC address (and you are not using temporary, cryptographic or random addresses), then the

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Karl Auer
On Sun, 2011-02-27 at 16:25 -0500, Franck Martin wrote: > Yes I don't understand why we need DHCPv6, true RD did not have DNS > information to pass, but that is fixed, no? Well - that draft very recently (i.e., only a few months, if that) became standards track, so it'll be a while before it's bui

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Ray Soucy
The topic should likely be re-written to "DHCPv6 expected in OS X 10.7" with rainbows, stars, and prancing unicorns. Apparently I was misinformed. Several people with access to the preview had informed me that DHCPv6 was not in 10.7. This seems to have upset at least one Apple engineer who dropp

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Franck Martin
Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? - Original Message - From: "Matthew Palmer" To: nanog@nanog.org Sent: Sunday, 27 February, 2011 4:06:29 PM Subject: Re: Mac OS X 10.7, still no DHCPv6 On Sun,

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Matthew Palmer
On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: > Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS > server information in an IPv6-only environment. Of course nobody else > has implemented that yet, making Apple a "special case" host once > again (I don't even think

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread Richard Barnes
>> In fairness, said device can do the same sort of inspection of SLAAC >> traffic.  It just looks at neighbor discovery messages instead of DHCP >> messages. >> >> > > Any known (existing) or planned implementations of this? None that you can buy

Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread sthaug
> In fairness, said device can do the same sort of inspection of SLAAC > traffic. It just looks at neighbor discovery messages instead of DHCP > messages. > > Any known (existing) or planned implementations of this? Steinar Haug, Nethelp consult
