[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] IETF 100: ICMP Discussion Summary

On 4 December 2017 at 09:25, Michael Richardson <[email protected]> wrote:
> {did not make it in person, and had a conflict and I haven't watched the
> session on youtube yet}
> Kyle Larose <[email protected]> wrote:
>     > - Question was raised about whether we should restrict the number of v6
>     > addresses (one address, one prefix, etc).
> Was there any consensus?
> I don't see a way to restrict the number of v6 addresses per UE except via stateful
> DHCPv6, and few use that.

No consensus yet, IIRC.


My opinion is that we cannot restrict IPv6 addresses (violation of
7934).  And any captive portal that identifies clients solely by IPv6
address is going to give some UEs a royally painful experience.  When
the downstream network architecture can include whole /64s given to
single devices (e.g. 64-per-host) the experience will get really bad.

This is just a reality of dealing with IPv6 (and I think it's a good
thing).  We just need to adapt, and I think it actually points to some
constraints we can use to narrow down the solution space.

As I see it at the moment, the only future-proof options come down do:

    - building into the portal/enforcement point knowledge of the
network architecture
    - identifying clients by things that identify the device on-link
(e.g. MAC address)
    - identifying clients by things that identify the link itself (DSL
line ID, /64, ...)


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature