host-identifier with IPv6

David W. Hankins David_Hankins at isc.org
Fri Feb 27 18:28:53 UTC 2009


On Fri, Feb 27, 2009 at 05:41:23PM +0000, Niall O'Reilly wrote:
> > I didn't realise this was going to be a can of worms.  The best
> > solution I can think of is to add in options that change the behaviour
> > away from the 'standard'.  The default should be what the 'standard'
> > says but if there are legitimate cases where the standard doesn't work
> > for people, having the ability to change the behaviour by turning
> > on/off an option would seem a pretty good compromise.

The only hope for the current interim is for your clients to be of a
type that only uses the DUID-LL anyway.  This is just the MAC address,
and you can predict its contents if you know the client's MAC.  It's
just a 16-bit DUID-LL value (check 3315), a 16-bit HTYPE (00:01 for
Ethernet), and then the MAC.  It might actually be used by printers,
or other "fully embedded" systems where the NIC isn't going to be
leaving the hardware (integrated on the system board).

The proposed new interim solution is a config parameter that matches
either DUID-LL or DUID-LLT based on the LL field contents.  The risk
is that if a MAC was duplicate, or did move from one machine to
another, or if that client had multiple interfaces (only the IAID
changes, the DUID is global to the client), you would treat them as
the same client (and you'd have to use interface A's MAC to assign a
fixed address to interface B).  The risks may be minor in the intended
environment, as you say OS reinstalls or bootloaders are more common.
It's imperfect, but most interim solutions are.

The real problem with that interim solution (as a non-standard config
option) is that the RFC explicitly forbids the server from this
behavior.  It's a little unlike a specification about the form of a
hostname.

The future/final solution would be a hardware address option, supplied
by the client, and that means a _very_ slow migration, which just
increases the need for imperfect interim solutions.

> 	No doubt someone will point out that I really need to liberate
> 	myself from an outmoded IPv4 mindset, and commit myself to the
> 	Royal Way of IPv6.  There!  I've saved that someone the trouble.

Anyone who has ever worked for an ISP has had this conversation with a
vendor.  The proposition is to take the hammer to the network to
change it to fit the product, rather than the other way around.

I've never been a fan of it.

-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
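
The DUID layout and the link-layer matching discussed in the message above, as an added example that is not part of the original post and not ISC DHCP code. The function names, MAC, address, timestamps and enterprise number are constructed for illustration; the type codes (DUID-LLT = 1, DUID-LL = 3) and the Ethernet HTYPE of 1 are from RFC 3315.

```python
import struct

DUID_LLT, DUID_LL = 1, 3      # DUID type codes (RFC 3315, section 9)
HTYPE_ETHERNET = 1            # the "00:01" hardware type from the message

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def predict_duid_ll(mac, htype=HTYPE_ETHERNET):
    """DUID-LL expected from a client: 16-bit type, 16-bit HTYPE, then the MAC."""
    return struct.pack("!HH", DUID_LL, htype) + mac_bytes(mac)

def link_layer_of(duid):
    """Return (htype, link-layer address) for DUID-LL or DUID-LLT, else None."""
    if len(duid) < 4:
        return None
    dtype, htype = struct.unpack("!HH", duid[:4])
    if dtype == DUID_LL:
        ll = duid[4:]
    elif dtype == DUID_LLT:
        ll = duid[8:]         # DUID-LLT carries a 32-bit time before the address
    else:
        return None           # e.g. DUID-EN has no link-layer field to match on
    return (htype, ll) if ll else None

def match_host(duid, hosts):
    """Hypothetical LL-field match: hosts maps MAC string -> fixed address."""
    parsed = link_layer_of(duid)
    if parsed is None or parsed[0] != HTYPE_ETHERNET:
        return None
    for mac, addr in hosts.items():
        if mac_bytes(mac) == parsed[1]:
            return addr
    return None

# Constructed sample data.
MAC = "00:11:22:33:44:55"
HOSTS = {MAC: "2001:db8::10"}
LLT_BEFORE = struct.pack("!HHI", DUID_LLT, 1, 280000000) + mac_bytes(MAC)
LLT_AFTER = struct.pack("!HHI", DUID_LLT, 1, 288000000) + mac_bytes(MAC)  # after OS reinstall
DUID_EN = struct.pack("!HI", 2, 32473) + b"constructed-id"

if __name__ == "__main__":
    print(predict_duid_ll(MAC).hex(":"))
    for duid in (predict_duid_ll(MAC), LLT_BEFORE, LLT_AFTER, DUID_EN):
        print(duid.hex(), "->", match_host(duid, HOSTS))
```

The two DUID-LLT values differ only in their timestamp, so an exact DUID comparison treats them as different clients while the link-layer match maps both to the same fixed address. The same property means any other client presenting that MAC in its DUID gets that address too, which is the duplicate or moved MAC risk described in the message.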