host-identifier with IPv6

Ted Lemon Ted.Lemon at nominum.com
Tue Mar 3 19:08:39 UTC 2009 

On Mar 3, 2009, at 10:38 AM, Marc Perea wrote:
> I work for an ISP where we do exactly that; we assign IP addresses  
> based on a client request matching a class that is defined by their  
> agent.circuit-id, with a pool of a single IP address designated for  
> that customer. Why should I not use the circuit ID to assign the IP?

Er, to be clear, it's fine if you use the circuit ID in your address  
assignment *decision*.   But the identifier that is linked to the  
address is required by the protocol to be the client identifier, if  
present, or the Mac address, if no client identifier is present.   In  
practice it may not cause you any trouble that you care about to  
violate the spec by using the circuit ID as the actual identifier, but  
it sounds like you're not doing that anyway.

> On the corporate side, chalk us up as another ISC dhcpd user who  
> both would like to use some flag to set MAC (hardware address) as  
> the primary key in the leases database for v4 and another proponent  
> of having some way to reliably use the MAC of a new device in dhcp  
> administration of v6 in the future. We haven't yet begun v6 rollout  
> and likely won't until forced to by govt. mandate. By the sounds of  
> it, this won't at all be a "fun" upgrade when the time comes.

Forgive me, but this sounds like a case of deciding how to solve the  
problem before you've examined the tools available to you.   IPv4 and  
IPv6 are similar in some ways, but very different in others.   For  
example, I would expect you to be using prefix delegation with IPv6 in  
an ISP context - this is the equivalent of giving out a single global  
IP address that's then NATted internally to multiple devices.   In  
that situation, the idea of using the Mac address as an identifier  
doesn't seem like it would be useful in the way that you're suggesting.

I suspect you will switch to IPv6 on the basis of market pressure, not  
government mandate.   This probably won't happen in the near future,  
but maybe within a decade.   The reason is that while in the U.S. we  
are not too tightly constrained on IP addresses, the situation in the  
rest of the world is different.   At some point if you don't have an  
IPv6 solution, your customers won't be able to reach sites they need  
to be able to reach, because those sites will be IPv6-only.    
Personally, if I had a choice of a vendor that supported native IPv6  
where I live now, I would drop my existing vendor like a hot potato.    
Right now I'm an outlier; in ten years Joe Average will be doing the  
same thing.

More information about the dhcp-users mailing list