On Jun 9, 2015, at 4:43 PM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
On Tue, 9 Jun 2015, Joel Maslak wrote:
Agreed - apparently the solution is to implement SLAAC + DNS advertisements *AND* DHCPv6. Because you need SLAAC + DNS advertisements for Android, and you need DHCPv6 for Windows.
Am I the only one that thinks this situation is stupid?
You don't need to hand out addresses by means of DHCPv6 IA_NA to windows, it does A=1 mode for SLAAC just fine.
There is a big difference between handing out resolver, ntp-server, dns search domains etc by means of DHCPv6, and handing out addresses based on DHCPv6 (stateless vs stateful).
From what I have understood Android has made design decisions that means some things will break if you would only give is a single IPv6 address. This is most likely what some operators want to achieve when they say they want to use DHCPv6 IA_NA.
In order to actually solve the problem they're trying to solve, you need SAVI (https://tools.ietf.org/wg/savi/) and 802.1x (or similar mechanism) in order to actually gain the control these people are looking for. My question, do they implement this on IPv4?
It’s way more fun to fight about it when NDP and DHCPv4 were coming of age at the same time, and DHCP was seen as only a minor upgrade to BootP at the time. The IPv6 purists seem to think that DHCP == NAT == EVIL at times which is frustrating. The result is we have both M=0, M=1, etc.. options and something can be sent via NDP or DHCP, including possible DHCP-PD in conjunction. The reality is I need things to “just work”. It was interesting to inherit someones half-done IPv6 implementation on our VPN platform, they didn’t understand that proxy-arp didn’t really exist in IPv6 land and the block had to be routed to the VPN box. There are many minor and subtle differences in these technologies which become obvious when some time is spent digging through them. - Jared