Mailinglist Archive: opensuse-factory (1578 mails)
| < Previous | Next > |
[opensuse-factory] Re: 12.1 IPv6 addressing issue
- From: Sebastian Freundt <freundt@xxxxxxxxxx>
- Date: Thu, 17 Nov 2011 14:41:47 +0000
- Message-id: <81wray24lw.fsf@berlin.ga-group.nl>
James Knott <james.knott@xxxxxxxxxx> writes:
Windows 7 automatically deactivates those `networks' where no packets seem
to come in (or go out). I quite have the opposite problem with my Win7
setup, I want to *keep* those addresses but I have yet to find a way to
convince windows of doing that.
See PS.
I'm not arguing against that, don't get me wrong. Of course they are
incompetent or ignorant or paranoid or simply inexperienced but we have to
ask ourselves the question why it took so long for v6 to be widely
adopted, because the learning curve is steep, for developers, for hardware
vendors and for network admins.
What I can't accept (and you seem to imply that) is that said parties
confront the *actual* user with this learning curve. The protocol doesn't
require (as in RFC 2119 [1]) a router to accept and route multiple
unicast addresses from one link, it *allows* it (prove me wrong on this
one), and for the same reasons I, as a network admin, am not obliged to
comply with best practices for any reason there may be.
But I, as a network admin, can expect my users to comply with the rules
I've set up for the network, so it's their problem, either they want
access or they don't. Now wouldn't it be greatly helpful if you/your
system could *easily* adapt to these rules?
PS:
Oh, and if you could please have a word with my ISP and convince them
that they're incompetent and their network setup must be changed, here's
their support team: http://www.easynet.com/gb/en/support/
They limit me on ONE address in my /64 of which all my traffic has to come
from.
[1]: http://tools.ietf.org/html/rfc2119
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
Sebastian Freundt wrote:
James Knott<james.knott@xxxxxxxxxx> writes:
Lew Wolfgang wrote:So, what am *I* (the user of a network) expected to do about it? Teach
Yes, this is the case. The network infrastructure requires thatRegardless of how the IPv6 address is configured, the MAC address
any device touching the network be pre-registered, with enforcement
implemented with the MAC address. If your MAC isn't registered you
get placed into an isolated "rogue" VLAN.
doesn't change and is included in every packet sent from a host.
Compare this with IPv4, where there's no mapping between IP& MAC
addresses, unless specifically configured. So, if they're filtering
on MAC address, then this shouldn't be an issue. I get the impression
this may be caused by someone trying a bit to hard to control
everything and not understanding the implications.
the network admins how they could have done it? I don't think you see the
point, your Windows 7 example is the perfect counterexample.
Windows 7 EXACTLY knows how to deal with this, automagically. It sets up
both addresses, prefers the one obtained using privacy extensions, then,
after a while when it notices there's no incoming global traffic, it falls
back to the link local address.
So the question here is, how to mimic that behaviour in 12.1, and *not*
how to be an extra-smart egghead? The former will grant you access, the
latter probably won't.
Sebastian
I have a computer here with both openSUSE 12.1 and Windows 7 on it.
Both provide a MAC based address and a random number based address, in
addition to the link local address. So, in this respect, they behave
the same. While it may be possible to change the configuration for
either, to provide only a MAC based address, by default, both Linux
and Windows provide both. So, yes, you talk to the network admins
Windows 7 automatically deactivates those `networks' where no packets seem
to come in (or go out). I quite have the opposite problem with my Win7
setup, I want to *keep* those addresses but I have yet to find a way to
convince windows of doing that.
about this because their overly restrictive policy will cause problems
because multiple IPv6 addresses are to be expected. By all means,
filter on a MAC, but don't try to limit which address, provided it's
valid for the subnet(s)*, is used. Those admins have to realize that
See PS.
every IPv6 device will have a minimum of 2 addresses and will often
have 3 or more. If they don't understand that, they are incompetent.
*It is entirely possible for a computer to be on multiple subnets with IPv6.
I'm not arguing against that, don't get me wrong. Of course they are
incompetent or ignorant or paranoid or simply inexperienced but we have to
ask ourselves the question why it took so long for v6 to be widely
adopted, because the learning curve is steep, for developers, for hardware
vendors and for network admins.
What I can't accept (and you seem to imply that) is that said parties
confront the *actual* user with this learning curve. The protocol doesn't
require (as in RFC 2119 [1]) a router to accept and route multiple
unicast addresses from one link, it *allows* it (prove me wrong on this
one), and for the same reasons I, as a network admin, am not obliged to
comply with best practices for any reason there may be.
But I, as a network admin, can expect my users to comply with the rules
I've set up for the network, so it's their problem, either they want
access or they don't. Now wouldn't it be greatly helpful if you/your
system could *easily* adapt to these rules?
PS:
Oh, and if you could please have a word with my ISP and convince them
that they're incompetent and their network setup must be changed, here's
their support team: http://www.easynet.com/gb/en/support/
They limit me on ONE address in my /64 of which all my traffic has to come
from.
[1]: http://tools.ietf.org/html/rfc2119
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
| < Previous | Next > |