Mailinglist Archive: opensuse-factory (1578 mails)

[opensuse-factory] Re: 12.1 IPv6 addressing issue
James Knott <james.knott@xxxxxxxxxx> writes:

Sebastian Freundt wrote:
[snip]
What I can't accept (and you seem to imply that) is that said parties
confront the *actual* user with this learning curve. The protocol doesn't
require (as in RFC 2119 [1]) a router to accept and route multiple
unicast addresses from one link, it *allows* it (prove me wrong on this
one), and for the same reasons I, as a network admin, am not obliged to
comply with best practices for any reason there may be.


????

That RFC is about defining words in RFCs and has nothing to do with IPv6.

What I am saying is those admins appear to have created the problem,
by being overly restrictive. I am not saying they confront the user
with the problem, only that they fix the problem they created. Also,
a router normally passes all valid addresses from a subnet, unless
specifically configured not to. As an example, my firewall/router
here is a Linux box. For me to limit what addresses can pass through
it, I'd have to use the iptables rules to block some addresses.

Exactly, the protocol doesn't REQUIRE as in make it mandatory for a router
to route all addresses from the subnet, hence it's completely compliant
not to, and that's my point, I could argue your network setup is
completely wrong just the way you argue theirs is `wrong'.



But I, as a network admin, can expect my users to comply with the rules
I've set up for the network, so it's their problem, either they want
access or they don't. Now wouldn't it be greatly helpful if you/your
system could *easily* adapt to these rules?


If your rules don't allow normal, out of the box, behaviour, then your
rules are wrong, unless you're prepared to configure every computer to
comply with them. This is most definitely not a user issue as most
users wouldn't have a clue about it.

Or, you could say, the out of the box behaviour is wrong, because their
network rules are fine, after all they comply with the standard, don't
they? This discussion leads nowhere does it?

As a network admin, I'd expect you to know the implications of what
you do. Blocking addresses that are not based on the MAC is not a
suitable policy, in that, by default, later versions of Linux &
Windows provide both MAC based and random IP addresses. Blocking
unrecognized MACs, no matter what the IP address, is a suitable policy.

Nope, it doesn't matter what you think is suitable or not, my point is
that it must be just as easy to adapt to the one situation as to the
other.

I can tell you that if I were to plug my computer into that network
and booted into either Linux or Windows, I would have that problem,
because either way, I would have both MAC and random addresses.

Yes, I know, me too actually. Still, as a network admin, I wouldn't
change my network policies just because some devices can't use my network
out of the box. And you should be more specific, Ubuntu 11.10 CAN access
the network in question out of the box, it's just SuSE 12.1 that can't.


PS:
Oh, and if you could please have a word with my ISP and convince them
that they're incompetent and their network setup must be changed, here's
their support team: http://www.easynet.com/gb/en/support/
They limit me on ONE address in my /64 of which all my traffic has to come
from.


Are you saying you can only use one address in your subnet? Also, if

Yes. I'm saying that.

you've been following the discussion, you'd realize that only the
random number based address is used for outgoing traffic. The MAC
based address would normally only be used if you want to reach a
computer from outside. i.e. the DNS would point to it, rather than the
random address. Also, how would your ISP know whether that traffic is
from one computer or not, given that as soon as a packet passes
through a router, the computer's MAC address is discarded and replaced
by the router's MAC address for the port facing the ISP.

I was making a more general point, you insist that everyone's wrong but
you whereas in fact there are many scenarios in the real world that need
adapting, and those adaptions must be easy, or maybe even automatic.

My ISP doesn't care about MAC addresses, all they want is all traffic to
come from exactly one address they've given me (ending in ::2). I can't
use privacy extensions nor can I use a MAC-based autoconfig'd address.
And don't get me wrong, I'm fully aware that this is stupid, not modern
and can be improved massively, but do you *really* think they will change
their set up just because it's inconvenient for me? If so, you're still
invited to convince them otherwise.

PS: I have been talking to them, and they do offer a fully routed /64, and
even a /48, alas they expect me to pay a lot more dosh for that.
