We have an in-house IPAM system that's built on top of ISC DHCPd. As far as DHCPd configuration is concerned we only ever hand out static assignments; we have a different process that monitors un-responded requests coming in; allocates an address from the database (if permitted by the logic), and then dynamically updates DHCPd via omapi with the [dynamic] static assignment. It's a little more involved than that; but on a basic level, we only hand out addresses (IPv4 or IPv6) to "registered" hosts in the database. A dhcpd.conf for IPv6 would look something like: ----8<---- subnet6 2001:db8:100:1442::/120 {option dhcp6.name-servers 2001:db8:100:820::b,2001:db8:100:482::7;} host example-hostname.net.maine.edu {hardware ethernet 78:2b:cb:98:ab:cd; fixed-address6 2001:db8:100:1442::13;} ----8<---- An example using the DUID: "host-identifier option dhcp6.client-id 00:01:00:01:11:ee:71:12:00:1a:a0:aa:aa:7f;" Note that with newer versions of ISC DHCPd you can specify a MAC address instead of a DUID; and if the DUID is based on that MAC it will match. Still waiting on ISC to allow us to also specify the IAID, as it would be an issue if a host had multiple NICs in use, since the DUID is shared, though, but there is always manual configuration for that special case until then. Using DHCPv6 to only hand out addresses to hosts we want to have an address has allowed us to make IPv6 ubiquitous across our 7 member universities, and participants in our R&E network. Attempts to roll out IPv6 with SLAAC was a non-starter politically; people don't like the idea of every host on a subnet grabbing an IPv6 address unless configured not to do so; especially when you consider security concerns, and potential bugs with older IPv6 implementations (RHEL 3 and kernel panic when IPv6 connection is received, for example). On Tue, Nov 29, 2011 at 11:46 AM, Leo Bicknell <bicknell@ufp.org> wrote:
In a message written on Tue, Nov 29, 2011 at 11:39:06AM -0500, Ray Soucy wrote:
We run both systems, in production, using DHCPv6 on prefixes much smaller than 64-bit (typically 120 or 119; we mirror whatever the IPv4 prefix length is).
Can you explain a bit more about how this works? My understanding of the current DHCPv6 implementations is that they had a hard assumption of a /64 prefix and the ability to do SLAAC and hear a valid RA in order to do DHCPv6. Are you doing anything special to make this happen with smaller subnets?
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
-- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/