<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks, Darren. This mostly has to do with how the clients in the space USE the v6 PDs. It’s a MAP-T environment where use of that block correlates to that client devices sending all traffic using source-ports
of 1-1023 (which is obviously problematic). Unlikely corner case, just trying to ensure this will work the way we are hoping IF it’s used.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks.<br>
Dan<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Kea-users <kea-users-bounces@lists.isc.org> on behalf of Darren Ankney <darren.ankney@gmail.com><br>
<b>Date: </b>Friday, June 23, 2023 at 6:31 AM<br>
<b>To: </b>kea-users@lists.isc.org <kea-users@lists.isc.org><br>
<b>Subject: </b>[EXTERNAL] Re: [Kea-users] Dhcp6 Prefix Exclude use case question<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Dan,<br>
<br>
I don't think that is the purpose of the option, but I suppose if no<br>
device asks for an excluded prefix then the prefix will not be<br>
allocated to any device. How would you be able to guarantee this? I<br>
would think a better solution would be to engineer your network<br>
differently such that you don't need to leave off part of the prefix<br>
delegation. Surely there are plenty of IPv6 subnets to go around to<br>
accomplish this?<br>
<br>
Thank you,<br>
<br>
Darren Ankney<br>
<br>
On Wed, Jun 21, 2023 at 5:09 PM Dan Geist <dan@polter.net> wrote:<br>
><br>
> Greetings, all. I'm exploring using the "prefix exclude" feature to do something a little different than what it's RFC describes and would like to know if my scenario would work. In the kea ARM, the example config is as follows:<br>
><br>
> "Dhcp6": {<br>
> "subnet6": [<br>
> {<br>
> "subnet": "2001:db8:1::/48",<br>
> "pd-pools": [<br>
> {<br>
> "prefix": "2001:db8:1:8000::",<br>
> "prefix-len": 56,<br>
> "delegated-len": 64,<br>
> "excluded-prefix": "2001:db8:1:8000:cafe:80::",<br>
> "excluded-prefix-len": 72<br>
> }<br>
> ]<br>
> }<br>
> ]<br>
> }<br>
><br>
> This allows a device that sends a Prefix Exclude option to be allocated the indicated /72.<br>
><br>
> In my environment, we'd like to be able to allocate PDs from a block that is discrete from the subnet and in which the very first PD is NEVER assigned, ala:<br>
><br>
> "Dhcp6": {<br>
> "subnet6": [<br>
> {<br>
> "subnet": "2001:db8:1::/48",<br>
> "pd-pools": [<br>
> {<br>
> "prefix": "2001:db8:2::",<br>
> "prefix-len": 48,<br>
> "delegated-len": 60,<br>
> "excluded-prefix": "2001:db8:2::",<br>
> "excluded-prefix-len": 60<br>
> }<br>
> ]<br>
> }<br>
> ]<br>
> }<br>
><br>
> Assuming I don't have any dhcpv6 endpoint devices sending the excluded prefix option, does this accomplish what I'm attempting, which is: never use the first /60 from the PD /48 prefix?<br>
><br>
> Thanks<br>
> Dan<br>
><br>
> --<br>
> Dan Geist dan(@)polter.net<br>
><br>
> --<br>
> ISC funds the development of this software with paid support subscriptions. Contact us at
<a href="https://urldefense.com/v3/__https:/www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$">
https://urldefense.com/v3/__https://www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$</a> for more information.<br>
><br>
> To unsubscribe visit <a href="https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$">
https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$</a> .<br>
><br>
> Kea-users mailing list<br>
> Kea-users@lists.isc.org<br>
> <a href="https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$">
https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$</a>
<br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at
<a href="https://urldefense.com/v3/__https:/www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$">
https://urldefense.com/v3/__https://www.isc.org/contact/__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVpxEDd1KQ$</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$">
https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$</a> .<br>
<br>
Kea-users mailing list<br>
Kea-users@lists.isc.org<br>
<a href="https://urldefense.com/v3/__https:/lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$">https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/kea-users__;!!Hit2Ag!ztViBv-QgmZ06HbBl5Y9ZrN-Xr4nESzE_PPkzf-YD9ap-HY5JI-eQbQj327_Nf3TbzbiCDtd_plvYVqNnhhgkw$</a>
<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>