On 06/07/2012 10:04 AM, James JJ Hooper wrote:
> Slightly tangentially, we haven't quite decided what the best plan for
> logging IP to MAC [or to user] is for wider IPv6 deployment - I'm aware of
> SLAACer, SNMP to a router's neighbour table (either home brew or e.g.
> NetDisco),
We do this (actually we scrape the IPv6 ND table with an expect script;
the reason being that SNMP must sort the OIDs numerically, which can
incur significant CPU load on puny 6500/sup720 CPUs - the CLI command
presents in "native" order, so no hit) and put it into an SQL database.
It works fine.
One thing to consider: recording the link-local addresses might be
necessary, in addition to the globals; we've already had issues with
objectionable content appearing in an iTunes client on one machine,
shared from another on the same subnet. Over IPv6, that would have
necessitated tracking a link-local IP->MAC.
DHCPv6 doesn't look viable to us at the moment (for one thing, the
DHCPv6 relay agent on our version of IOS is not L3VPN aware, and we use
L3VPN exclusively).
|