host-identifier with IPv6

David W. Hankins David_Hankins at
Thu Feb 26 22:58:50 UTC 2009

On Fri, Feb 27, 2009 at 10:03:40AM +1300, Eustace, Glen wrote:
> I have just started working with 4.1 and IPv6.  I have been reading the manual and trying to find examples of configs but am at a loss as to how to replace the 'hardware mac-address' with 'host-identifier option ????'
> What should ???? be and if I want to use the mac-address how do I go about it ?

Yeah...the idea of fixed addresses is kind of something that DHCPv6
makes semi-difficult.

The IETF consensus is kind of polarized against the mention of
hardware addresses as identifiers.

So in DHCPv6 there are three different types of DUID's, the DHCPv6
equivalent of DHCPv4's client-identifier option, and there is no
separate hardware address field or option.

Of the three different DUID's, only two of them have subfields that
contain the client's hardware address, and one of those two is
suffixed with the client's current system time when it first
initializes the interface (for the first time ever).  The client
selects which kind and what contents to put in their DUID, not the

Of all three, the server is supposed to treat the entire field as
an opaque value, we're not "supposed" to make it possible to just
enter a mac address and have it match any mention of that mac

So it is basically impossible to predict what a client's identifier is
going to be until after it boots, by which time it already has an

One workaround, which isn't very fun, is to wait for a client to boot,
obtain a dynamic address (or not!), and either wireshark out the DUID
or convert the dhcpd6.leases entry.

Here's an example;

  ia-na "@@\026v\000\001\000\001G`t$\000\014v\026@@" {

Take off the fourst four octets. (@ @ \026 v), which are the
IA-NA's IAID (we concat the IAID and DUID to form a unique identity
for one this case, the client has used its last four
MAC address octets as its IAID).

Then use it in a host clause thusly:

  host-identifier option dhcp6.client-id
                        #    DUID-LLT - ETH -- TIME --- ---- address ----

Good luck.

I'm inclined to make 'hardware ethernet ...;' just work, assuming
the client is sending either of those two types of DUID, but we
probably need to write a draft to open up the 'opacity' of these

David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <>

More information about the dhcp-users mailing list