Re: [homenet] IPv6 & firewall config in a home net

"Ray Hunter (v6ops)" <v6ops@globis.net> Fri, 06 September 2019 06:30 UTC

To: Ted Lemon <mellon@fugue.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, homenet@ietf.org
References: <ca32dd0fca31411588917d55556e2a91@rew09926dag07b.domain1.systemhost.net> <8F144A4B-0BE2-40C2-AE13-5FAB4AEB5733@fugue.com> <3326.1567447095@localhost> <F8D2D72B-AD92-483E-8D7D-EA4D6D57D0F5@fugue.com>
From: "Ray Hunter (v6ops)" <v6ops@globis.net>
Message-ID: <6f71b6d7-c9a0-dc7a-d614-440831fed3b3@globis.net>
Date: Fri, 06 Sep 2019 08:30:51 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/jYpQVG4uzKqpfspp14beYssLqFw>
Subject: Re: [homenet] IPv6 & firewall config in a home net


Ted Lemon wrote on 05/09/2019 18:31:
> On Sep 2, 2019, at 1:47 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>> Assuming that the prefix change is make-before-break (which we do not clearly
>> know how to do on the WAN side, I think), then the web server should
>> configure with the same rfc7212 IID, but a new prefix.
> I don’t think there’s any need for the IID to be persistent. Make-before-break is accomplished by deprecating the old prefix when the new prefix is added. This is trivial to do; whether it is in fact done is a different matter. I think that at present the client would have to notice that it’s happened.

Agreed.

Using RFC7217 will anyway almost certainly guarantee that the IID will 
also change if the prefix changes.

The prefix is included in the function that generates candidate IIDs.

   RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)


That was done to prevent tracking when people move between wifi hotspots.

-- 
regards,
RayH
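An added worked example of the RFC 7217 function quoted in Ray's message (this is not code from the message, nor any RFC or vendor implementation). It uses HMAC-SHA256 as F; the byte encoding of the inputs, the helper names and the sample prefixes, SSIDs and key are this example's own assumptions. It demonstrates the point made above: the same prefix, interface and network always produce the same IID, while a different prefix (or a different Network_ID such as a Wi-Fi SSID) produces an unrelated one, which is what stops a host being tracked across networks. It also includes the RFC 7217 step that increments DAD_Counter when a candidate lands on a reserved interface identifier.

```python
"""RFC 7217-style stable, privacy-preserving IID generation (added example).

RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), with
F = HMAC-SHA256 here. The concatenation/encoding below is this example's
choice; RFC 7217 only requires F to be a PRF over these inputs.
"""
import hashlib
import hmac
import ipaddress

IID_MASK = (1 << 64) - 1

# Interface identifiers RFC 7217 (step 2) says SHOULD be rejected, so that the
# DAD_Counter is bumped and a fresh candidate is generated instead:
# the subnet-router anycast IID (all zeros) and the RFC 5453 reserved ranges.
RESERVED_IID_RANGES = (
    (0x0000000000000000, 0x0000000000000000),  # subnet-router anycast
    (0x02005EFFFE000000, 0x02005EFFFEFFFFFF),  # RFC 5453 reserved block
    (0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF),  # reserved subnet anycast IIDs
)


def is_reserved_iid(iid: int) -> bool:
    """True if the 64-bit IID falls in a range that must not be used."""
    return any(lo <= iid <= hi for lo, hi in RESERVED_IID_RANGES)


def candidate_iid(prefix: str, net_iface: str, network_id: str,
                  dad_counter: int, secret_key: bytes) -> int:
    """Compute one candidate IID: the first 64 bits of F(...)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("RFC 7217 IIDs are generated for /64 prefixes")
    # Input encoding (assumption): fixed-width prefix, then the variable-
    # length strings separated by a byte that cannot occur in them, then
    # the counter. Separators keep distinct inputs from colliding.
    message = (
        net.network_address.packed[:8]
        + b"\x00" + net_iface.encode("utf-8")
        + b"\x00" + network_id.encode("utf-8")
        + b"\x00" + dad_counter.to_bytes(2, "big")
    )
    rid = hmac.new(secret_key, message, hashlib.sha256).digest()
    return int.from_bytes(rid[:8], "big")


def stable_address(prefix: str, net_iface: str, network_id: str,
                   secret_key: bytes, max_dad: int = 8) -> ipaddress.IPv6Address:
    """Return the stable address for this prefix/interface/network.

    Starts with DAD_Counter = 0 and increments it while the candidate IID is
    reserved (a real host would also increment it on a DAD collision).
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    prefix_bits = (int(net.network_address) >> 64) << 64
    for dad_counter in range(max_dad):
        iid = candidate_iid(prefix, net_iface, network_id, dad_counter, secret_key)
        if is_reserved_iid(iid):
            continue
        return ipaddress.IPv6Address(prefix_bits | iid)
    raise RuntimeError("no acceptable IID within max_dad attempts")


def interface_id(addr) -> int:
    """Extract the low 64 bits (the IID) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK


if __name__ == "__main__":
    # Constructed sample inputs: documentation prefixes, a made-up SSID and key.
    key = b"per-host-secret-key-128-bits-min"
    home_old = stable_address("2001:db8:1::/64", "wlan0", "home-ssid", key)
    home_new = stable_address("2001:db8:2::/64", "wlan0", "home-ssid", key)
    cafe = stable_address("2001:db8:1::/64", "wlan0", "cafe-ssid", key)
    print("old prefix :", home_old)
    print("new prefix :", home_new, "(IID changes with the prefix)")
    print("other SSID :", cafe, "(IID changes with Network_ID too)")
```

Note that `home_old` and `home_new` share nothing but the secret key, so an observer on the new prefix cannot link the host to its old address; a DHCPv6 or RA-driven prefix renumbering therefore always yields a new IID, which is exactly why the IID does not need to be persistent across a prefix change.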