Sebastian Freundt wrote:
I have a computer here with both openSUSE 12.1 and Windows 7 on it.
Both provide a MAC based address and a random number based address, in addition to the link local address. So, in this respect, they behave the same. While it may be possible to change the configuration for either, to provide only a MAC based address, by default, both Linux and Windows provide both. So, yes, you talk to the network admins
Windows 7 automatically deactivates those `networks' where no packets seem to come in (or go out). I quite have the opposite problem with my Win7 setup, I want to*keep* those addresses but I have yet to find a way to convince windows of doing that.
The Windows 7 computer I have here has 3 IPv6 addresses, one based on the MAC, one random number and also the link local address. The MAC and random addresses are both valid addresses on my subnet, with the first 64 bits identical. There is no other "network" to be deactivated. With Windows, there may also be a Teredo tunnel, which allows IPv6 tunnelling via IPv4. You probably want to turn that off, unless you have a need for it.
What I can't accept (and you seem to imply that) is that said parties confront the*actual* user with this learning curve. The protocol doesn't require (as in RFC 2119 [1]) a router to accept and route multiple unicast addresses from one link, it*allows* it (prove me wrong on this one), and for the same reasons I, as a network admin, am not obliged to comply with best practices for any reason there may be.
???? That RFC is about defining words in RFCs and has nothing to do with IPv6. What I am saying is those admins appear to have created the problem, by being overly restrictive. I am not saying they confront the user with the problem, only that they fix the problem they created. Also, a router normally passes all valid addresses from a subnet, unless specifically configured not to. As an example, my firewall/router here is a Linux box. For me to limit what addresses can pass through it, I'd have to use the iptables rules to block some addresses.
But I, as a network admin, can expect my users to comply with the rules I've set up for the network, so it's their problem, either they want access or they don't. Now wouldn't it be greatly helpful if you/your system could*easily* adapt to these rules?
If your rules don't allow normal, out of the box, behaviour, then your rules are wrong, unless you're prepared to configure every computer to comply with them. This is most definitely not a user issue as most users wouldn't have a clue about it. As a network admin, I'd expect you to know the implications of what you do. Blocking addresses that are not based on the MAC is not a suitable policy, in that, by default, later versions of Linux & Windows provide both MAC based and random IP addresses.. Blocking unrecognized MACs, no matter what the IP address, is a suitable policy. I can tell you that if I were to plug my computer into that network and booted into either Linux or Windows, I would have that problem, because either way, I would have both MAC and random addresses.
PS: Oh, and if you could please have a word with my ISP and convince them that they're incompetent and their network setup must be changed, here's their support team:http://www.easynet.com/gb/en/support/ They limit me on ONE address in my /64 of which all my traffic has to come from.
Are you saying you can only use one address in your subnet? Also, if you've been following the discussion, you'd realize that only the random number based address is used for outgoing traffic. The MAC based address would normally only be used if you want to reach a computer from outside. i.e. the DNS would point to it, rather than the random address. Also, how would your ISP know whether that traffic is from one computer or not, given that as soon as a packet passes through a router, the computer's MAC address is discarded and replaced by the router's MAC address for the port facing the ISP. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org