tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: ndp(1) and arp(1) enhancements for easier scripting of IPv6 prefix delegation
> I have a "dynamic" IPv6 prefix delegated to my internal network and I
> need to automatically update firewall rules and DNS entries when the
> prefix changes.
> [...]
> This alogrithm is not quite stable. It assumes building public
> addresses from IPv6 prefix via mac
Well, given what you're trying to do, you need *some* way to figure out
the v6 address in question; your code will need to duplicate whatever
computation is done to create your `dynamic' v6 address.
> [...]; but (far worse) it assumes the host has already updated the
> public address after the RA told it about the new prefix.
Well, when does it run? Could it just wait until that's true? Perhaps
watching a routing socket for RTM_ADD messages could let you act
semi-immediately when the NDP entry appears?
> What do others do? Not care about IPv6, have a fixed prefix,
> something else?
Personally? Fully static addressing, manual configuration everywhere.
If/when I get renumbered, I need to manually update each machine's
config. It's been over a decade without a renumbering; while it now
appears one is likely to happen soon, it's still probably less headache
overall than trying to implement and maintain something along the lines
you outline. But that may not be true for your case.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index