IPV6 DHCP | docsis.org

IPV6 DHCP

odanquah
IPV6 DHCP

How important is a DHCPv6 Server to your network? How much are you prepared to pay for a DHCPv6 Server?

kwesibrunee
Pretty sure that there won't be much money in it

My IPv6 is still a bit rusty, but my understanding of the dhcp portion of it is that the dhcp server will no longer allocate IPs to devices, but rather it allocates the other things, i.e. dns-servers, option 122 settings, tftp servers. The IP in IPv6 is generated on the client and is a combination of the network address and a uniquely generated id. Unlike current ipv4 dhcp, there will likely be no reason to use anything other than dhcpdv6, as no authorization will be done at the dhcp server.

My company certainly will not be buying a new dhcp v6 server. My feeling is that DHCP will become like DNS: no one really uses more than about 3-4 dns servers, with most or even all of them free. While there are commercial dns servers out there, they are not used often.

odanquah
DHCPv6 Server

1. On fixed-line networks, it is likely that prefix delegation will be the
norm for a provider. Instead of allocating a single address, you will
allocate an entire subnet to the CPE. There is no equivalent to
address-autoconfiguration for assigning prefixes, so you will most likely end
up using DHCPv6 for this.

2. Layer 2 snooping as it is currently implemented watches DHCPv4 traffic. If
a device has not received an address through DHCPv4, the device can be cut
off at layer 2. This type of rigid access control is widely deployed today.
In order to implement this in IPv6, a DHCP exchange has to take place. This
makes the DHCPv6 server an authoritative place to decide if a device can
access your network.

3. Larger ISPs have stated to the IETF that they are not comfortable with
address auto-configuration, because they have little or no control over who
can connect to their network.

4. Tracking IP address usage for Law Enforcement becomes simpler using DHCPv6
than using address auto-configuration.

5. Generating reports of which addresses are in use and what kinds of devices
are using them is more difficult without DHCPv6.

6. Dynamic DNS. Many NOCs are not comfortable with end hosts updating their
DNS server directly because of the potential for abuse. Using DHCP, you have
a trusted DHCP server that updates your DNS server.

As for point 2 above: The mechanism for layer 2 snooping has become highly
evolved over the years, and our understanding is that manufacturers are going
to keep this control mechanism in place, and that many providers absolutely
want this kind of control.

As for point (2) above: The understanding in the IETF is that this will be the
norm for fixed-line networks, and as such we expect to see most CPE
manufacturers sending DHCPv6 requests for both one prefix (southbound
interface) and one address (northbound interface). As a provider, you may
have difficulty NOT using DHCPv6 if your customers are using residential
gateways that expect to be able to have a prefix delegated.
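An added example, not part of the post above: a sketch of how a snooping device could turn a DHCPv6 Reply into the per-subscriber bindings that points 1, 2 and 4 rely on, using the option codes and layouts from RFC 8415. It assumes the Reply is seen un-relayed (not wrapped in a Relay-Reply), and the message bytes, DUID and documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct

REPLY = 7                                   # DHCPv6 message type (RFC 8415)
CLIENTID, IA_NA, IAADDR, IA_PD, IAPREFIX = 1, 3, 5, 25, 26

def opt(code, data):
    """Encode one DHCPv6 option (used only to build the sample below)."""
    return struct.pack("!HH", code, len(data)) + data

def options(buf):
    """Yield (code, data) per option; stop at the first truncated one."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        data = buf[off + 4:off + 4 + length]
        if len(data) < length:
            return
        yield code, data
        off += 4 + length

def grants(msg):
    """Return (client DUID hex, [IPv6Network]) from a Reply, or None."""
    if len(msg) < 4 or msg[0] != REPLY:
        return None
    duid, nets = None, []
    for code, data in options(msg[4:]):     # skip type + transaction id
        if code == CLIENTID:
            duid = data.hex()
        elif code in (IA_NA, IA_PD):
            for sub, v in options(data[12:]):   # skip IAID, T1, T2
                # A valid lifetime of 0 withdraws the lease: do not bind it.
                if sub == IAADDR and len(v) >= 24 and v[20:24] != bytes(4):
                    nets.append(ipaddress.IPv6Network((v[:16], 128)))
                elif (sub == IAPREFIX and len(v) >= 25 and v[8] <= 128
                      and v[4:8] != bytes(4)):
                    nets.append(ipaddress.IPv6Network((v[9:25], v[8]), strict=False))
    return (duid, nets) if duid and nets else None

def permitted(nets, src):
    """Source check for one subscriber port; link-local stays open for DHCPv6/ND."""
    addr = ipaddress.IPv6Address(src)
    return addr.is_link_local or any(addr in n for n in nets)

# Constructed sample: Reply granting one address and one /56 to a DUID-LL client.
DUID = bytes.fromhex("00030001aabbccddeeff")
ADDR = ipaddress.IPv6Address("2001:db8:0:1::10").packed
PFX = ipaddress.IPv6Address("2001:db8:100::").packed
SAMPLE_REPLY = (bytes([REPLY, 0x12, 0x34, 0x56]) + opt(CLIENTID, DUID)
    + opt(IA_NA, bytes(12) + opt(IAADDR, ADDR + struct.pack("!II", 3600, 7200)))
    + opt(IA_PD, bytes(12) + opt(IAPREFIX, struct.pack("!IIB", 3600, 7200, 56) + PFX)))
```

Logging the returned DUID with the granted networks and a timestamp gives the address-to-subscriber record that attribution requests need, independent of which address inside the delegated prefix a host later picks.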

kwesibrunee
All very valid points,

All very valid points, however most providers who visit this forum (i.e. not the big boys) won't use most of the options you listed.

Take me for example, we are a small operator, ~10k Inet subs.

Option 1 I could see this being used for business customers but not any time soon.

Option 2 dhcp leasequery is widely used, however I have never seen an ipv6 version, even on a docsis3.x cmts.

Option 3 definitely is a turn off to me also for the whole ipv6 thing, though sooner or later it will become necessary.

Option 4 I use other means than dhcp for tracking IP usage; dhcpd did not retain a long enough history, so I wrote an ARP parsing script that is run every day.

Option 5 Which addresses are in use seems to be better accomplished by querying the routers rather than the dhcp server imo.

Option 6 The only current need I have for Dynamic DNS is for packetcable devices, for which an IPv6 version, as far as I know, has not been implemented at this time.

Dhcp leasequery or its equivalent would indeed be nice, but no CMTS I know of currently supports an ipv6 version of it and I believe the rfc is ipv4 only.

Not too familiar with this portion of dhcpv6/ipv6; you definitely may be correct.

My original point is that you may have a hard time making money with a dhcpv6 server with so many free alternatives.

budm
DHCPv6

Hi kwesibrunee:

As for your original point about so many free alternatives, that's been the case for some of our product lines. It keeps us on our toes, though, and demands that we create a compelling product at a reasonable price.

* Lease query for DHCPv6 is in RFC form (and has been for quite some time), so that should definitely start appearing as manufacturers get their IPv6 support in place. From my vantage point, I see manufacturers scrambling like mad to get their IPv6 support production ready. :)

* I don't see layer 2 snooping (which is not lease query) going away, but it's true this feature may very well be disabled at many smaller providers. This type of feature can help prevent theft of service, though, and that's always a good thing.

* About prefix delegation - at this point I am not sure how the average residential gateway will behave with regards to prefix delegation, but if they require it, then you'll have to support it in order to get the gateway to function at all. Time will tell. The buzz I'm hearing is that prefix delegation will be very important for fixed-line networks.

* I can see possibilities for dynamic DNS, such as charging for the privilege of having a DNS entry at the provider, but I agree this is less important.

As a side note, dhcpd can log lease allocations, so why is that not a long enough history?

kwesibrunee
lots of IPv6 news this week .

Lots of IPv6 news this week.... ARIN got the last /8 of IPv4, Comcast started dual stack IPv6 trials (great, now my boss is gonna want me to start working on that too).

The IPv6 transition should be fun in the next couple of years.... We are a Cisco house and IPv6 on CMTSes is not yet ready, currently being done in software (read: slower than dirt), supposed to be moved to hardware in an upcoming release.

These days something like layer 2 snooping would be a hard sell to the powers that be, unless I could prove rampant theft of service. Chicken, meet Egg.

Comcast's first ever docsis 3.0 IPv6 rollout uses /64 delegation. What the hell you would do with 18 quintillion IPv6 addresses I do not know, I guess change your machine's IP every second for the rest of your life. Definitely gonna have to do more research.... Going to petition ARIN for our last (potentially at least) block of IPv4 very soon and hopefully get some IPv6 IP space to play with as well.

I think I will go insane if we have to support dynamic dns updates.... Can just imagine the tech support nightmares that would cause.....

dhcpd logs are too bulky to be kept for any length of time by us, read: months or years. I routinely get requests that are 6-8 months old and maintaining that amount of log files was just not feasible for us. I wrote a small script that grabs the modem and cpe IPs from each cmts and tars and gzips it and stores each day's worth in < 10kb. I have 2 years' worth of history now and it takes a few megabytes. The logs from our 5+ dhcp servers would take considerably more space. We briefly experimented with a mysql log facility but quickly learned how much storage and processing power that took, and being in-process caused the service to freak out when the inserts did not come back in a reasonable time, i.e. a few secs.

There was also a time when we used Cisco Network Registrar: good dhcp server, really bad history storer. We lost several chunks of history, due to the way it stores files and the 2 Gigabyte limit it imposed. Once the history hit 2 Gigs it was toast and it took the server along with it. It was easily fixed by starting a new history file but then you lost all of the past history. Needless to say, when we switched servers, I developed an off-server history backup that was not reliant on the dhcp server, and definitely was not in-process.
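An added example, not the poster's script: one way to keep the kind of off-server daily IP-to-MAC history described above small enough to hold for years and still answer "who had this IP on that date". It folds each day's snapshot into per-IP runs of consecutive days. The snapshot format, names, dates and addresses are constructed assumptions.

```python
from datetime import date

def fold(history, day, snapshot):
    """Merge one day's {ip: mac} table into history[ip] = [[mac, first, last], ...].

    Snapshots must be folded in date order.
    """
    for ip, mac in snapshot.items():
        runs = history.setdefault(ip, [])
        if runs and runs[-1][0] == mac and (day - runs[-1][2]).days == 1:
            runs[-1][2] = day               # same holder as yesterday: extend
        else:
            runs.append([mac, day, day])    # new holder, or a gap in sightings

def build(snapshots):
    """Fold (day, table) pairs, oldest first, into one history dict."""
    history = {}
    for day, table in sorted(snapshots, key=lambda s: s[0]):
        fold(history, day, table)
    return history

def holder(history, ip, day):
    """Return the MAC seen on ip that day, or None if no snapshot saw the IP."""
    for mac, first, last in history.get(ip, []):
        if first <= day <= last:
            return mac
    return None

# Constructed sample: four daily snapshots. 203.0.113.7 changes hands on
# day 3, and 203.0.113.9 is not seen at all that day.
A, B, C = "00:11:22:aa:bb:01", "00:11:22:aa:bb:02", "00:11:22:aa:bb:03"
SNAPSHOTS = [
    (date(2011, 2, 1), {"203.0.113.7": A, "203.0.113.9": B}),
    (date(2011, 2, 2), {"203.0.113.7": A, "203.0.113.9": B}),
    (date(2011, 2, 3), {"203.0.113.7": C}),
    (date(2011, 2, 4), {"203.0.113.7": C, "203.0.113.9": B}),
]
HISTORY = build(SNAPSHOTS)
```

A daily snapshot only proves who held the address at collection time, so a lease that changed hands within the day is invisible to it; a gap returns `None` rather than a guessed holder.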

budm
Heh

Yeah, I think /64 is the smallest recommended size, which effectively cuts the IPv6 space from 128 bits to 64 bits.

DHCP logging was something we really spent a lot of time looking at. For starters we had to set up all logging to be asynchronous so we could log in the background while doing 1000 leases/sec. We'd heard that ISC's recommendation for dhcpd was to disable logging when you have a lot of queries coming in, but that seems to me to be dropping the ball at the most important time.

Although it's true we can generate enough log files to drown you in data, you can also choose to only log at "audit" level, or you can choose a completely different logging mechanism that just logs lease allocations (to a text file, with auto-rollover). And of course we support logging to a syslog server. We also have one of those (a syslog server), and the big insight there I think was to expand the database to its maximum size over time, but to then start re-writing older records and updating their timestamps. That means that eventually there are no insert operations happening, just updates, and those are fast.

I cannot imagine that CNR would have a 2GB file size limit in this day and age. Surely that has been fixed in a later release. Needless to say, we have no such issues with our DHCP server.

odanquah
Check This Out Kwesi

Hi Kwasi, your name sounds like someone from Ghana, am I right? I am also from Ghana. I am giving you a link to our Device Provisioning online demo software called Broadband Provisioner. But I want you to check the DHCP side only, since you may not be a cable ISP (if you are, then check the whole system out).

URL is: http://213.115.152.226:5000
user name is : admin
password:

Please give me feedback. You can send me e-mail (enochd@broadbandprovisioner.com)

kwesibrunee
Not from Ghana, but I did

Not from Ghana, but I did live there from 96-98; great country, hope to someday go back.... As you know, kids there call most foreigners Kwesi Bruni, and the name just kind of stuck as my nickname. But unlike a lot of foreigners I actually was born on Sunday :D

What part of Ghana are you from? I lived in Accra, Koforidua, and Cape Coast while in country. I would guess you are either from Accra or Cape Coast by your name....

odanquah
Larteh Akwapim in the Eastern Region

Happy to hear that you lived in Ghana some time ago. I come from the eastern part of Ghana (Larteh Akwapim). Have you had the chance to go through the link I gave you? You can send me a mail to my e-mail: enochd@weird-solutions.com
