[ipv6hackers] RFC7217 in Mac OS? (Fwd: "secured" IPv6 addresses)

Matjaz Straus Istenic matjaz at njetwork.si
Thu Oct 6 21:12:15 CEST 2016


Hi,

yes, it looks like RFC7217. IP addresses are stable and are defined as f(prefix, interface, some_system_id). Same goes for link local addresses. SSID in WiFi network is not taken into account, so link local address is the same in different WiFi networks (because the prefix is always fe80::/64).

Congratulations, Fernando :-)

Best regards,
	Matjaž

> On 29 Aug 2016, at 16:18, Fernando Gont <fgont at si6networks.com> wrote:
> 
> Folks,
> 
> Can anyone confirm that this is the result of implementing RFC7217?
> 
> (This would be good news, btw).
> 
> Thanks!
> 
> Cheers,
> Fernando
> 
> 
> 
> 
> -------- Forwarded Message --------
> Subject: 	"secured" IPv6 addresses
> Date: 	Sun, 28 Aug 2016 20:59:20 +0200
> From: 	Iljitsch van Beijnum <iljitsch at muada.com>
> To: 	ipv6-dev at lists.apple.com
> 
> 
> 
> Hi all,
> 
> I've installed the most recent public beta, and I see something interesting:
> 
> en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
>        ether 40:6c:8f:32:4b:c3         inet6
> fe80::8f:b474:a9dc:4174%en4 prefixlen 64 secured scopeid 0x9
> inet 192.168.178.20 netmask 0xffffff00 broadcast 192.168.178.255
>        inet6 2001:470:1f15:8b5:df:900f:a6a3:715c prefixlen 64 autoconf
> secured         inet6 2001:470:1f15:8b5:f54c:e5dc:fb28:ddca prefixlen 64
> autoconf temporary         nd6 options=201<PERFORMNUD,DAD>
>        media: autoselect (1000baseT
> <full-duplex,flow-control,energy-efficient-ethernet>)
>        status: active
> 
> Previously, the link local address as well as the stateless autoconfig
> non-temporary address were derived from the Ethernet MAC address. That
> is no longer the case, the system now seems to create persistent link
> local and stateless autoconfig addresses that are not directly derived
> from the MAC address. I believe Windows also does this.
> 
> These addresses survive reboots but not a clean reinstall of the system.
> 
> I can't find any documentation on how this works, though. Is there an
> RFC or something else that describes these secured addresses? How are
> they generated?
> 
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> https://lists.si6networks.com/mailman/listinfo/ipv6hackers



More information about the Ipv6hackers mailing list