Comment by candiddevmike
4 days ago
No control over which source address is used. I'm assigning a lot of clients DHCP reservations so I can use static addresses for monitoring and firewall rules. With multiple addresses on the same network, clients may use their SLAAC address which won't match the firewall rule.
That still doesn’t really make sense. Why not run SLAAC on one subnet and have a single firewall rule for the whole thing? You’re not running any major servers on an Android phone, so it won’t be anything complex.
SLAAC can only run on a subnet that's larger than /64, which they might not have access to.
Strictly speaking it can and does run on subnets that are exactly /64. Does anyone actually hand out smaller delegations today?
2 replies →
There are APIs in Linux to control source address selection but might be fiddly https://www.davidc.net/networking/ipv6-source-address-select...
Ah, this makes sense.