IPV6 Dynamic Address Stability
Chris Buxton
chris.p.buxton at gmail.com
Mon Oct 29 17:38:35 UTC 2012
On Oct 29, 2012, at 10:01 AM, Martin McCormick wrote:
> This is a question about best IPV6 practice.
> We will most likely begin transitionning to IPV6 one day
> soon and I frankly want us to get started on the best possible
> path to fully use IPV6's capabilities so that human intervention
> is minimal.
>
> If a client gets an IPV6 dynamic lease is he or she any
> less likely to spontaneously loose the allocation if an
> accidental or malicious client tries to use the same IP
> address?
>
> On our main campus, we have around 9500 bootP
> allocations and several more thousand dynamic hosts. Malicious
> activity is fairly small, but what can scientifically be
> referred to as "bone-head" mistakes such as imaging one machine
> from another and including the IP configuration in that image
> happen often enough that it is somewhat of a problem in areas
> where a number of people know just enough to be dangerous.
Neighbor discovery is designed to protect against this. If a device wants to start using an address, it should first ask existing devices if the address is already in use. Of course, bad implementations might happen, but for major operating systems, this should work reliably. However, if the address is statically assigned, all bets are off.
With IPv6, it is encouraged to use all dynamic addresses (derived from either SLAAC or DHCP). Non-temporary addresses should be pretty stable, so even servers can reasonably use dynamic addresses.
Chris Buxton
BlueCat Networks
More information about the dhcp-users
mailing list