The issue here is that there are two different ways to assign addresses in IPv6: SLAAC and DHCPv6. Apple only wants to support SLAAC; they think it's a waste of their time to have two different protocols to do the same thing. Unfortunately, a lot of ISPs want to only support DHCPv6, because it (easily) supports an audit trail and SLAAC doesn't.

I predict that things will turn out fine because people will converge on speaking SLAAC between OS X and the router and DHCPv6-PD between the router and the ISP. But you have to have a router.

Depending on DHCP to audit trail is flawed, because it is easy to spoof addresses.

Unless, of course, you're restricting traffic to prevent spoofing: in which case you could be doing the same for addresses assigned by SLAAC just as easily.

SLAAC also has a lot to offer for faster configuration of mobile devices roaming between networks.

Apparently OS X now supports supplying DNS servers through SLAAC. Previously this wasn't supported, so you'd still need a DHCP(v4) server to fully support a client.

> Apparently OS X now supports supplying DNS servers through SLAAC

i thought this was done via router-advertisements only. slaac is used to configure v6 host addresses, and once that is done, other network parameters e.g. rdnss etc. can be obtained either via RA or DHCPv6 (the 'O' flag in RA messages)

This isn't really a problem, since you'll need to run dual-stack for years to come anyway.

To Apple's credit, they are one of the few vendors of consumer-grade routers who made it trivial to set up IPv6 (Airport Extreme/Express), including tunneling.

Also to their credit, Lion hasn't even been released yet.

This is true. There are only a few vendors out there who support IPv6 at all, and those that do aren't consistent with their products.

For example, D-Link supports IPv6 + tunneling on their DIR-615, but only on revisions C and E (not D), and don't support firewalling for IPv6.

However, most do support radvd for stateless addressing, which OS X supports fine. This is also the easiest option for configuration in home networks.

Personally I love the first response from http://seclists.org/nanog/2011/Feb/1907

    what is it about ipv6 which attracts religious nuts?

What do you love about this response? What actual value does it convey besides snideness toward people that actually care about what they work on?

On what basis should Apple be forced to provide a DHCPv6 client as part of their OS? They have 10% of the market, and the number of IPv6 users I imagine is going to be a niche within their niche.

I appreciate that DHCPv6 support may be useful for some apple customers, but in the grand scheme of things it's probably in a minority, perhaps best served by the app store.

I also like the idea of references to 'religious nuts' being tied to apple users, not all but specifically of the fanboy type.

In short, I find the statement poetic. The value it adds is humour. You might not agree as humour is subjective, but it works for me.

Sorry, but are you saying "almost nobody needs IPv6, so why care"?

That's why we still can't have nice things.

No, on the contrary. What I'm saying is that IPv6 doesn't have enough traction, there's a finite number of developers and there are features that will be used by more people that should take more priority.

To put it another way, a native IPv6 client isn't necessarily as innovative as some of the other pending features. Not having DHCPv6 native isn't the end of the world and is a minor annoyance for a few. Putting a team on implementing DHCPv6 for a small subset of users takes people away from things like bugfixes. DHCPv6 is not trivial.

If Apple found a feature that relied upon IPv6 then I imagine a DHCPv6 client would be a priority. As it is, in the meantime you'll have to settle for things like http://klub.com.pl/dhcpv6/ - which at least works on leopard but you'll have to compile it yourself and it's not complete.

For some info on what is already possible with IPv6 on OSX take a look here: http://ipv6int.net/systems/mac_os_x-ipv6.html

Sorry for misunderstanding, now I see. Thanks for the explaination!

That's much clearer. Thanks.

They don't have to yet. Really, IPv6 is not going to be an issue this year at all. That ends up just being a patch Apple can come up with later. I don't see the big deal here.

Right. The Apple developers have been working very hard on 10.7, and it's kind of sad to see a story focusing on some vague subject (which, as you say, can be applied as a patch anytime later when it becomes more relevant) that is lacking. In my opinion, it's better to offer constructive criticism on the new stuff that they've been working on for this release.

I thought IP assignment was built into IPv6?

Stateless autoconfig is, but stateless is bad for ISPs and network administrators because it means anyone will be able to get an IP just by plugging their machine into the network. With only 3.40282367 × 10^38 IPs available, you can see why they would want to ration them.

At current population growth, we will run out of addresses—if we give every human one IPv6 address—in only ~6000 years, or—if everybody should get 1000 addresses, for all those internet-enabled toasters and such—in ~5500 years. Obviously we already need to plan ahead and carrier-NAT IPv6.

according to node-requirements rfc-4294, dhcpv6 is infact optinal. however, for an enterprise network, the fact that any v6 capable device can get a legit address is probably not such a good idea (it can be argued the other way also ofcourse).

In an enterprise network, if unauthorized devices are getting access to your physical network, you might have other issues. :-)

At the last big company I was at, we did DHCP over IPSEC and IPSEC polices blocked everything and anything not authorized. Crazy secure.

Yes, stateless autoconfiguration in IPv6 is supported by OS X. However, for stateful autoconf, you still need (a newer version of) DHCP, which OS X doesn't support yet.

For those who don't know what DHCP v6 is it is the ipv6 version of DHCP. See http://en.wikipedia.org/wiki/DHCPv6 for more information.

I still care more about ZFS :/