James Knott
Sebastian Freundt wrote:
James Knott
writes: Lew Wolfgang wrote:
Yes, this is the case. The network infrastructure requires that any device touching the network be pre-registered, with enforcement implemented with the MAC address. If your MAC isn't registered you get placed into an isolated "rogue" VLAN.
Regardless of how the IPv6 address is configured, the MAC address doesn't change and is included in every packet sent from a host. Compare this with IPv4, where there's no mapping between IP& MAC addresses, unless specifically configured. So, if they're filtering on MAC address, then this shouldn't be an issue. I get the impression this may be caused by someone trying a bit to hard to control everything and not understanding the implications.
So, what am *I* (the user of a network) expected to do about it? Teach the network admins how they could have done it? I don't think you see the point, your Windows 7 example is the perfect counterexample. Windows 7 EXACTLY knows how to deal with this, automagically. It sets up both addresses, prefers the one obtained using privacy extensions, then, after a while when it notices there's no incoming global traffic, it falls back to the link local address.
So the question here is, how to mimic that behaviour in 12.1, and *not* how to be an extra-smart egghead? The former will grant you access, the latter probably won't.
Sebastian
I have a computer here with both openSUSE 12.1 and Windows 7 on it. Both provide a MAC based address and a random number based address, in addition to the link local address. So, in this respect, they behave the same. While it may be possible to change the configuration for either, to provide only a MAC based address, by default, both Linux and Windows provide both. So, yes, you talk to the network admins
Windows 7 automatically deactivates those `networks' where no packets seem to come in (or go out). I quite have the opposite problem with my Win7 setup, I want to *keep* those addresses but I have yet to find a way to convince windows of doing that.
about this because their overly restrictive policy will cause problems because multiple IPv6 addresses are to be expected. By all means, filter on a MAC, but don't try to limit which address, provided it's valid for the subnet(s)*, is used. Those admins have to realize that
See PS.
every IPv6 device will have a minimum of 2 addresses and will often have 3 or more. If they don't understand that, they are incompetent.
*It is entirely possible for a computer to be on multiple subnets with IPv6.
I'm not arguing against that, don't get me wrong. Of course they are incompetent or ignorant or paranoid or simply inexperienced but we have to ask ourselves the question why it took so long for v6 to be widely adopted, because the learning curve is steep, for developers, for hardware vendors and for network admins. What I can't accept (and you seem to imply that) is that said parties confront the *actual* user with this learning curve. The protocol doesn't require (as in RFC 2119 [1]) a router to accept and route multiple unicast addresses from one link, it *allows* it (prove me wrong on this one), and for the same reasons I, as a network admin, am not obliged to comply with best practices for any reason there may be. But I, as a network admin, can expect my users to comply with the rules I've set up for the network, so it's their problem, either they want access or they don't. Now wouldn't it be greatly helpful if you/your system could *easily* adapt to these rules? PS: Oh, and if you could please have a word with my ISP and convince them that they're incompetent and their network setup must be changed, here's their support team: http://www.easynet.com/gb/en/support/ They limit me on ONE address in my /64 of which all my traffic has to come from. [1]: http://tools.ietf.org/html/rfc2119 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org