host-identifier with IPv6

Frank Sweetser fs at WPI.EDU
Fri Feb 27 18:15:45 UTC 2009


Glen R. J. Neff wrote:
> On Thu, 2009-02-26 at 15:13 -0800, David W. Hankins wrote:
>> DDNS in RA is full stop no-go, unless you manually configure the client
>> itself to perform DDNS after DAD, at which time you may as well do
>> neither RA nor DHCPv6.
> 
> Well, I have to disagree, 'specially since I have labs full of machines
> doing it.
> 
> What I'm doing, and what I'm advocating to become the standard way of
> doing things, is to have the default 'dhclient-script' include a stanza
> to initiate a DDNS update.
> 
> My philosophy with IPv6 implementation is that the added address space
> and the raw hexadecimal values in said addresses have increased the
> complexity to a level that is way beyond even what the more savvy users
> and or system administrators can comprehend.  I'm all for IPv6, but I

I fail to see how simply making the numbers bigger should require any
additional complexity, just additional disk space and memory.

> think the way forward involves making the job of the Network Engineer
> harder and the job of the System Administrator even easier, ie. to make
> the networks plug-n-play.  I've set up environments where hosts simply
> need to be configured with a hostname to include the FQDN and plugged
> into the correct VLAN, and the rest is "auto-magical."

Plug-n-play sounds great, except that in this case the "play" tends to end up
being "hide and seek" as the hapless admin (network or system, take your pick)
tries to go through IP/DUID/which host mappings looking for a misbehaving, or
just missing, host.

With v4 addresses based on MAC, it is quite trivial for me to reliably set up
a machine to follow this chain on install:

MAC -> DHCP/PXE -> IP -> hostname -> AD/puppet config policy

This means that for a student lab of 30 machines, I can send a minimally
trained work-study out to re-image the lab in a few minutes by bouncing off
reset buttons and F12, with no user input beyond confirming that yes, I'd like
to format C.

With a pure DUID system, generated randomly at boot time, there's no longer
any consistent seed that can start the lookup chain required for a machine to
automatically configure itself.  This means that the only choice left is to
slowly, manually, and painstakingly pick the machine identity out by hand -
not something very nice to any of your administrators.

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC
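
Added example, not part of the original message: a sketch of the lookup chain discussed above when the seed is a DHCPv6 DUID instead of a MAC. It assumes the DUID layouts from RFC 3315 section 9; the inventory, hostnames, addresses and sample DUIDs are constructed, and the function names are hypothetical.

```python
import struct

# Constructed inventory keyed by MAC: (IPv4 address, hostname). Sample values only.
INVENTORY = {
    "00:16:3e:aa:bb:01": ("192.0.2.11", "lab-pc01.example.edu"),
    "00:16:3e:aa:bb:02": ("192.0.2.12", "lab-pc02.example.edu"),
}

DUID_LLT, DUID_LL = 1, 3   # RFC 3315 section 9 type codes
HW_ETHERNET = 1            # IANA hardware type for Ethernet

def mac_from_duid(duid: bytes):
    """Return the Ethernet MAC embedded in a DUID-LLT or DUID-LL, else None."""
    if len(duid) < 4:
        return None
    duid_type, hw_type = struct.unpack("!HH", duid[:4])
    if duid_type == DUID_LLT:
        lladdr = duid[8:]      # type(2) + hwtype(2) + time(4), then address
    elif duid_type == DUID_LL:
        lladdr = duid[4:]      # type(2) + hwtype(2), then address
    else:
        return None            # DUID-EN, DUID-UUID, etc. carry no MAC
    if hw_type != HW_ETHERNET or len(lladdr) != 6:
        return None
    return ":".join(f"{b:02x}" for b in lladdr)

def resolve(duid: bytes):
    """Walk DUID -> MAC -> (IP, hostname); report where the chain breaks."""
    mac = mac_from_duid(duid)
    if mac is None:
        return ("no-stable-seed", None)
    entry = INVENTORY.get(mac)
    if entry is None:
        return ("unknown-mac", mac)
    return ("ok", (mac, *entry))

# Constructed sample DUIDs (hex): LLT, LL, and an enterprise-number DUID.
SAMPLES = {
    "llt": bytes.fromhex("00010001" "13a3b2c1" "00163eaabb01"),
    "ll": bytes.fromhex("00030001" "00163eaabb02"),
    "en": bytes.fromhex("0002" "00007a69" "deadbeefcafe"),
}

if __name__ == "__main__":
    for name, duid in SAMPLES.items():
        print(name, duid.hex(), resolve(duid))
```

The MAC inside a DUID-LLT or DUID-LL is that of whichever interface was present when the DUID was generated, so even a successful match only identifies the host as of that moment.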
