Hi, Trying to figure out how to do IPv6 address allocation for consumer customers connecting their end-hosts (Windows/OSX/Linux) directly to a Carrier Ethernet network/VLAN (obviously through some sort of fiber-to-Ethernet converter/bridge). The particular problem bothering me is user-to-address mapping traceability that you might need for regulatory/law enforcement reasons. I see the following options: #1 - use DHCPv6 instead of SLAAC ================================ Requires support for DHCPv6 Option37/38 and L3 switches all the way to the end-user (unless your favorite vendor supports L2 DHCPv6 extensions) and allows any third-party to track the user based on pretty static IPv6 address. Also requires DHCPv6 snooping/IPv6 source guard to prevent overly-easy spoofing. #2 - use SLAAC and don't care ============================= Consumer hosts will get random IPv6 addresses out of your Carrier Ethernet /64 prefix. Can you afford the "don't care" part of it? #3 - use CPE devices that only allow DHCPv6 IA_PD ================================================= This might be the cleanest approach (you map the customer into an IPv6 prefix), but it requires strict control of the CPE devices by the SP (think cable modems). #4 - use PPPoE over Carrier Ethernet ==================================== Been there, seen that. Not sure we can afford the performance/licensing hits. However, it does solve the authentication problems (PAP/CHAP), address tracking (RADIUS accounting records), randomized addresses (use local pool on the PE-router). Anything I've missed or is it really so bleak? Thanks Ivan