James Knott
Sebastian Freundt wrote: [snip]
What I can't accept (and you seem to imply that) is that said parties confront the*actual* user with this learning curve. The protocol doesn't require (as in RFC 2119 [1]) a router to accept and route multiple unicast addresses from one link, it*allows* it (prove me wrong on this one), and for the same reasons I, as a network admin, am not obliged to comply with best practices for any reason there may be.
????
That RFC is about defining words in RFCs and has nothing to do with IPv6.
What I am saying is those admins appear to have created the problem, by being overly restrictive. I am not saying they confront the user with the problem, only that they fix the problem they created. Also, a router normally passes all valid addresses from a subnet, unless specifically configured not to. As an example, my firewall/router here is a Linux box. For me to limit what addresses can pass through it, I'd have to use the iptables rules to block some addresses.
Exactly, the protocol doesn't REQUIRE as in make it mandatory for a router to route all addresses from the subnet, hence it's completely compliant not to, and that's my point, I could argue your network setup is completely wrong just the way you argue theirs is `wrong'.
But I, as a network admin, can expect my users to comply with the rules I've set up for the network, so it's their problem, either they want access or they don't. Now wouldn't it be greatly helpful if you/your system could*easily* adapt to these rules?
If your rules don't allow normal, out of the box, behaviour, then your rules are wrong, unless you're prepared to configure every computer to comply with them. This is most definitely not a user issue as most users wouldn't have a clue about it.
Or, you could say, the out of the box behaviour is wrong, because their network rules are fine, after all they comply with the standard, don't they? This discussion leads nowhere does it?
As a network admin, I'd expect you to know the implications of what you do. Blocking addresses that are not based on the MAC is not a suitable policy, in that, by default, later versions of Linux & Windows provide both MAC based and random IP addresses.. Blocking unrecognized MACs, no matter what the IP address, is a suitable policy.
Nope, it doesn't matter what you think is suitable or not, my point is that it must be just as easy to adapt to the one situation as to the other.
I can tell you that if I were to plug my computer into that network and booted into either Linux or Windows, I would have that problem, because either way, I would have both MAC and random addresses.
Yes, I know, me too actually. Still, as a network admin, I wouldn't change my network policies just because some devices can't use my network out of the box. And you should be more specific, Ubuntu 11.10 CAN access the network in question out of the box, it's just SuSE 12.1 that can't.
PS: Oh, and if you could please have a word with my ISP and convince them that they're incompetent and their network setup must be changed, here's their support team:http://www.easynet.com/gb/en/support/ They limit me on ONE address in my /64 of which all my traffic has to come from.
Are you saying you can only use one address in your subnet? Also, if
Yes. I'm saying that.
you've been following the discussion, you'd realize that only the random number based address is used for outgoing traffic. The MAC based address would normally only be used if you want to reach a computer from outside. i.e. the DNS would point to it, rather than the random address. Also, how would your ISP know whether that traffic is from one computer or not, given that as soon as a packet passes through a router, the computer's MAC address is discarded and replaced by the router's MAC address for the port facing the ISP.
I was making a more general point, you insist that everyone's wrong but you whereas in fact there are many scenarios in the real world that need adapting, and those adaptions must be easy, or maybe even automatic. My ISP doesn't care about MAC addresses, all they want is all traffic to come from exactly one address they've given me (ending in ::2). I can't use privacy extensions nor can I use a MAC-based autoconfig'd address. And don't get me wrong, I'm fully aware that this is stupid, not modern and can be improved massively, but do you *really* think they will change their set up just because it's inconvenient for me? If so, you're still invited to convince them otherwise. PS: I have been talking to them, and they do offer a fully routed /64, and even a /48, alas they expect me to pay a lot more dosh for that. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org