host-identifier with IPv6
Ted Lemon
Ted.Lemon at nominum.com
Sun Mar 1 20:31:50 UTC 2009
On Mar 1, 2009, at 12:35 PM, Eustace, Glen wrote:
> The inability to (consistently) uniquely identify a client in both
> IPv4 and IPv6 is a royal PITA. We have a solution for IPv4, albeit a
> poor one. But I need something in IPv6, and soon. The inability to
> use the MAC address, which is the only thing I currently have in our
> database is preventing further deployment of IPv6. And yes, I
> realise that one can deploy v6 without going stateful etc. But that
> isn't what I want to do.
If your DHCPv6 clients follow the spec, chances are that they are
already sending you the MAC address in the DUID option. The server
is encouraged to treat the DUID as an opaque field, and the DUID extra
information in the DUID is intended to allow it to work correctly even
if you use the same network card at different times in different
machines. But on a practical level it's likely that every single
DHCPv6 client you have is in fact sending their current Mac address in
the DUID. You shouldn't use the Mac in the DUID as a unique
identifier (that is, you shouldn't ignore the additional information
in the DUID), but if you're just trying to make an association or an
access control decision based on it, it should work just fine.
More information about the dhcp-users
mailing list