North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IPV6 renumbering painless?
On Fri, Nov 12, 2004 at 05:19:36PM +0100, Simon Leinen wrote: > > "specified the entire 128 bits"... how do you specify only part of > > it? > > On Solaris, you would use the "token" option (see the extract from > "man ifconfig" output below). You can simply put "token ::1234:5678" > into /etc/hostname6.bge0. I assume that other sane OSes have similar > mechanisms. Ah thanks. No, not seen anywhere in Linux or *BSD. > > What determines the rest? > > The prefix advertised in prefix advertisements. OK, but this doesn't have any effect on your "Listen", "NameVirtualHost" and "<VirtualHost>" statements of your httpd.conf, "ListenAddress" in sshd.conf, "Bind" in proftpd.conf, "*-source" and "listen-on*" in named.conf, [...] Not to forget all the IP address based ACLs. > > "fixed" as in "now using stateless autoconfig"? Fun... change NIC > > and you need to change DNS. Thanks, but no thanks. Not for > > non-mobile devices which need to be reachable with sessions > > initiated from remote (basically: servers). > > The above mechanism solves this problem even with stateless > autoconfiguration. Agree? The NIC-change problem? Yes, agreed. But generates new problem: Plug server accidently in wrong VLAN (and thus other subnet) and you'll might get an IP address collision. I know ND DAD prevents the worst for that case in the immediate term, but when the original holder gets reconnected/rebootet, THIS one is off their air. But you're right, typos in IPv4 might provoke similar desasters so I rest this specific case. :-) > I think it's an advantage if servers can get their prefixes from > router announcements rather than from local config files. Sure, you > still have to update the DNS at some point(s) during renumbering, but > that can't be avoided anyway. Given that a server often has to know it's exact IP address very often (especially if it has multiple IP addresses associated with it's public interface), it's not a real relief compared to the other struggles you have when subnet changes. Regards, Daniel -- CLUE-RIPE -- Jabber: [email protected] -- [email protected] -- PGP: 0xA85C8AA0
|