[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] IETF 100: ICMP Discussion Summary



On 4 December 2017 at 09:25, Michael Richardson <[email protected]> wrote:
>
> {did not make it in person, and had a conflict and I haven't watched the
> session on youtube yet}
>
> Kyle Larose <[email protected]> wrote:
>     > - Question was raised about whether we should restrict the number of v6
>     > addresses (one address, one prefix, etc).
>
> Was there any consensus?
>
> I don't see a way to restrict the number of v6 addresses per UE except via stateful
> DHCPv6, and few use that.

No consensus yet, IIRC.

<hats:off>

My opinion is that we cannot restrict IPv6 addresses (violation of
7934).  And any captive portal that identifies clients solely by IPv6
address is going to give some UEs a royally painful experience.  When
the downstream network architecture can include whole /64s given to
single devices (e.g. 64-per-host) the experience will get really bad.

This is just a reality of dealing with IPv6 (and I think it's a good
thing).  We just need to adapt, and I think it actually points to some
constraints we can use to narrow down the solution space.

As I see it at the moment, the only future-proof options come down do:

    - building into the portal/enforcement point knowledge of the
network architecture
    - identifying clients by things that identify the device on-link
(e.g. MAC address)
    - identifying clients by things that identify the link itself (DSL
line ID, /64, ...)

</hats>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature