host-identifier with IPv6

[Simon Hobson]

Ted Lemon wrote:

>I agree that this is a problem in theory, but I would be willing to 
>bet that in practice, it's not a problem at all - the behavior of 
>the client is almost certainly deterministic.

I've been following this thread, though I don't have any IPv6 at the 
moment, my providers at home and work don't support it, and I'm not 
getting any hint of interest at work :-( If I might throw in my 2d 
worth* ...

There seems to be a lot of non-deterministic language being used ! 
Here you say "alomost certainly", in an earlier message you use 
"chances are" and "it's likely" :

>If your DHCPv6 clients follow the spec, chances are that they are 
>already sending you the MAC address in the DUID option.   The server 
>is encouraged to treat the DUID as an opaque field, and the DUID 
>extra information in the DUID is intended to allow it to work 
>correctly even if you use the same network card at different times 
>in different machines.   But on a practical level it's likely that 
>every single DHCPv6 client you have is in fact sending their current 
>Mac address in the DUID.

Earlier still, you say :
>First of all, implementors are encouraged to provide ways for things 
>like DUIDs to be known by all the protocol agents that might use 
>them.   But of course we have no control over what implementors 
>actually do.

So we add "encouraged to"


All this adds up to a hell of a lot of "should mostly work" which is 
not what most administrators want. Sitting on the sidelines, it does 
seem to me like the key element missing here is for all IPv6 devices 
to have a fixed, immutable (or at least as close to that as a MAC 
address is now), globally unique identity that is easily obtainable 
by administrators. In the absence of anything better, up until now 
we've been using the ethernet MAC address of the interface - though 
as has been pointed out, this isn't always ideal.

Without such a unique identifier, it seems to me like quite a few 
administration schemes are likely to be tricky to implement, if they 
are implementable at all. It's one thing saying that the MAC address 
(nearest thing we have to a globally unique and unchanging 
identifier) is embedded in the DUID - but I'd be wary of relying on 
something that is a) something the spec says not to do (look inside 
the value and attribute meaning to it), and b) is only guaranteed to 
the confidence level of "it's likely".

I fear it's too late to fix that now as it would require changes to 
existing clients - and there's no guarantee of that happening.


* Rather old English expression - throw in ones tuppence worth (2d = 
2 old pence = tuppence). Ie, give ones opinion.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.