Toby Atkin-Wright (tobyaw) wrote 2012-06-08 05:11 pm

IPv6 temporary addresses

A week into using IPv6 with Andrews & Arnold, I haven’t run into any major problems. The initial setup was very easy, and online information is good. The majority of the devices on my network happily found themselves IPv6 addresses, although it was good motivation to check that everything was up to date (qidane upgraded the firmware on the Ubiquiti NanoStations that provide the bridge down the road to his house).

With IPv6, devices can assign themselves an IP address by combining the locally advertised router prefix (in my case, the first 64 bits of my IPv6 allocation) with a mapping of the interface’s MAC address. This is straightforward, reliable, and removes the need for DHCP in address assignment (although DHCP, or other means, is still required for handing out DNS information to clients).

Unfortunately, this has the downside of embedding one’s MAC address in one’s IP address, which could allow tracking of devices across networks. To combat this, modern operating systems use privacy addresses alongside the auto-configured addresses. Devices use their auto-configured address for incoming traffic, but send data out from a randomised, temporary, IPv6 address.

Which is all very fine, but makes tracking network usage rather frustrating, particularly with a lot of devices on the network (across the two houses). Andrews & Arnold provide a handy page showing inbound and outbound bandwidth usage for each IP address on my network, but I can’t determine the device behind the temporary addresses on the list. I want all of my devices to have static addresses on my network, and to have sensible reverse DNS.
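The MAC-to-address mapping and the identification problem described above, as an added example that is not part of the original post. It uses the modified EUI-64 mapping from RFC 4291 (Appendix A); the prefix, MAC addresses, device names and usage list are constructed sample data.

```python
import ipaddress

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the autoconfigured address for a /64 prefix and a 48-bit MAC
    using the modified EUI-64 mapping (RFC 4291, Appendix A)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration needs a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def embedded_mac(address: str):
    """Return the MAC embedded in a modified EUI-64 address, or None.
    Heuristic: a random identifier can contain ff:fe by chance (1 in 65536)."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. a randomised temporary address
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def label_addresses(addresses, inventory):
    """Label each address with a device name from a MAC inventory."""
    labels = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            labels[addr] = "unidentified (no embedded MAC)"
        else:
            labels[addr] = inventory.get(mac, f"unknown device {mac}")
    return labels

# Constructed sample data: documentation prefix and made-up MAC addresses.
PREFIX = "2001:db8:1234:5678::/64"
INVENTORY = {"00:1b:63:84:45:e6": "laptop", "dc:9f:db:12:34:56": "bridge"}
USAGE_LIST = [
    "2001:db8:1234:5678:21b:63ff:fe84:45e6",   # autoconfigured, laptop
    "2001:db8:1234:5678:de9f:dbff:fe12:3456",  # autoconfigured, bridge
    "2001:db8:1234:5678:3c51:9a0e:77d2:b1c4",  # random interface identifier
]

if __name__ == "__main__":
    for addr, label in label_addresses(USAGE_LIST, INVENTORY).items():
        print(f"{addr:40} {label}")
```

Only the autoconfigured addresses can be tied back to a device this way; the third entry is exactly the kind of address that stays anonymous in a per-address usage list.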

RFC4941 “Privacy Extensions for Stateless Address Autoconfiguration in IPv6” (section 3.6) says:
Devices implementing this specification MUST provide a way for the end user to explicitly enable or disable the use of temporary addresses. In addition, a site might wish to disable the use of temporary addresses in order to simplify network debugging and operations. Consequently, implementations SHOULD provide a way for trusted system administrators to enable or disable the use of temporary addresses.


The temporary addresses can be switched off easily enough on the computers:

  • On Mac OS X Lion, run “sysctl -w net.inet6.ip6.use_tempaddr=0” to make an immediate change, and add “net.inet6.ip6.use_tempaddr=0” to /etc/sysctl.conf for a permanent change.

  • On Windows 7, run the following and restart:
    netsh interface ipv6 set privacy state=disabled store=active
    netsh interface ipv6 set privacy state=disabled store=persistent
    netsh interface ipv6 set global randomizeidentifiers=disabled store=active
    netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent



But I can’t see a way to turn off the use of temporary addresses on my iOS devices, or as a general network policy.

Maybe the answer is to run a DHCPv6 server.