Allocating fixed IPv6 addresses to hosts with multiple NICs

Simon Hobson dhcp1 at thehobsons.co.uk
Thu Jan 13 12:44:51 UTC 2011 

Frank Sweetser wrote:

>This issue has been brought up before.  Take a look at 
>https://lists.isc.org/pipermail/dhcp-users/2009-February/008088.html 
>for one of the longer discussions on it.

I recall that thread - and I know there have been others. Anyone know 
if anything happened ?

A bit right at the bottom of this message gives me an idea :
https://lists.isc.org/pipermail/dhcp-users/2009-February/008097.html

>There actually was some discussion about this, now that I recall, but
>it was ages ago.  The idea was to add a hardware address option, and
>maybe have the relay agents insert it, but it didn't get a lot of
>support.

The MAC address of the interface the client is connected by MUST be 
in the ethernet packet header - and available to the server (or relay 
agent if the client is remote).

For locally connected clients, can we inspect the packet directly and 
get a value that can be used for matching ?


That means there is the ability, as a project specific action, to 
create the missing hardware address (by extracting it in the server 
or relay agent packet handling code) and make it available to the 
config.
I can see that working for broadcasts, but would it have the same 
problems as happen now with Option-82 when the client is unicasting a 
renewal request ?


As to the philosophy of not using fixed addressing, I'd like to know 
how some of the proponents of this write firewall rules when the 
target isn't static ? I know it's possible to build firewall configs 
along with other stuff, but using dynamic addressing you need a 
process that can spot when a machine/service moves address and 
dynamically update the firewall to suit - that's not a level of 
complexity I want on my networks that you very much !


And now I'm starting to try and get into IPv6, the first thing I need 
is to be able to assign fixed addresses (to at least one client) via 
DHCP so I can write firewall rules. It's either that or I have to 
manually set my IPv6 address when I move between home and office. OK, 
for one client it's no big deal to use whatever GUID is available, 
but that doesn't scale well as has already been well expressed in 
previous equine flaggellation sessions.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

More information about the dhcp-users mailing list