You can write a script to poll routers for IPv6 neighbors, and store those in a database. That will get you the IPv6 to MAC association. Then poll L2 devices for MAC address tables for the MAC to port association.

We've had such a system in place for a few years now to map addresses to ports, etc.; it also checks for rogue RA. It's messy (and I don't like the extra load it causes on routers). If we had things like DHCPv6 snooping, RA guard (which you can implement with PACLs), and IPv6 source verification we wouldn't need it. Thankfully most of these are all in the pipeline.

On Sun, Feb 27, 2011 at 5:32 PM, Karl Auer <kauer@biplane.com.au> wrote:
On Sun, 2011-02-27 at 14:47 +0000, Leigh Porter wrote:
Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment?
How do you define "what host"? If it's by MAC address (and you are not using temporary, cryptographic or random addresses), then the MAC is in the address the host ends up using.
Also, as someone else said, hosts don't "get" addresses via SLAAC - they generate them. That means that while you may be able to predict what they *will* use, you would need to snoop NDP to find out what they *are* using, and even more so for temporary, cryptographic and random addresses.
I have no experience of anything that actually does this, but it would be fairly simple to do. NDP will end up snooped in routers and switches for lots of reasons, so expect to see such features in real kit pretty soon. Make sure you let your vendor know what you want/need...
Regards, K.
--
Karl Auer (kauer@biplane.com.au)   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
--
Ray Soucy
Epic Communications Specialist
Phone: +1 (207) 561-3526
Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
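
Added example, not part of the original thread and not the system described in it: a join of already-collected IPv6 neighbor entries (IPv6 to MAC) with switch MAC tables (MAC to port), which also flags whether an address's interface identifier is the EUI-64 form of the MAC or something else (temporary, cryptographic or random). The device names, ports, addresses and row layouts are constructed assumptions, and the polling step itself is not shown.

```python
import ipaddress

# Constructed sample data: rows a poller might have stored after reading a
# router's IPv6 neighbor table and a switch's MAC address table.
NEIGHBORS = [  # (router, ipv6, mac)
    ("rtr1", "2001:db8:10::211:22ff:fe33:4455", "00:11:22:33:44:55"),
    ("rtr1", "2001:db8:10::8d3a:91c2:7be4:11f0", "00:11:22:33:44:55"),
    ("rtr1", "2001:db8:10::a8bb:ccff:fedd:eeff", "aa:bb:cc:dd:ee:ff"),
    ("rtr1", "2001:db8:10::1", "02:00:00:00:00:01"),
]
MAC_TABLE = [  # (switch, port, mac) in the mixed notations devices report
    ("sw1", "Gi1/0/7", "0011.2233.4455"),
    ("sw1", "Gi1/0/9", "AA-BB-CC-DD-EE-FF"),
]

def norm_mac(mac):
    """Normalise any common MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def eui64_iid(mac):
    """Modified EUI-64 interface identifier: flip the U/L bit, insert ff:fe."""
    b = bytes.fromhex(norm_mac(mac).replace(":", ""))
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def classify(ipv6, mac):
    """'eui64' if the low 64 bits are derived from the MAC, else 'other'."""
    iid = ipaddress.IPv6Address(ipv6).packed[8:]
    return "eui64" if iid == eui64_iid(mac) else "other"

def build_map(neighbors, mac_table):
    """Join IPv6->MAC with MAC->port; port is None when the MAC was not seen."""
    ports = {norm_mac(m): (sw, port) for sw, port, m in mac_table}
    rows = []
    for _router, ip, mac in neighbors:
        mac = norm_mac(mac)
        sw, port = ports.get(mac, (None, None))
        rows.append((str(ipaddress.IPv6Address(ip)), mac, sw, port, classify(ip, mac)))
    return rows

if __name__ == "__main__":
    for row in build_map(NEIGHBORS, MAC_TABLE):
        print(row)
```

Rows classified "other" are the ones where the MAC cannot be read back out of the address, so the neighbor-table snapshot is the only record tying that address to a host and port.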