[ipv6-wg] IPv6 on P2P links
- Previous message (by thread): [ipv6-wg] IPv6 on P2P links
- Next message (by thread): [ipv6-wg] IPv6 on P2P links
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Martin Millnert
millnert at gmail.com
Thu May 26 17:37:34 CEST 2011
Hi, On Thu, May 26, 2011 at 8:43 AM, Marco Hogewoning <marcoh at marcoh.net> wrote: > On May 26, 2011, at 2:25 PM, Yannis Nikolopoulos wrote: > >> so, >> >> other than the fact that it's wasteful, is there any other reason for not using /64 (that's what we're using) on p2p links? > > I wouldn't describe it as wastwful, every subnet is per standard /64 anyway. The primary reason are security concerns like the fact that you might be able to trick a machine into sending loads of ND messages (or responses), filling up the neighbor cache or CAM table. > Yes. I recommend http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf for more details on this. It seems to be a pretty serious issue in most implementations. The author of the PDF recommends allocating /64 but using whatever fits your need. This way you'll stay ready for the future, should you have a reason to change, interoperability or other. Best regards, Martin
- Previous message (by thread): [ipv6-wg] IPv6 on P2P links
- Next message (by thread): [ipv6-wg] IPv6 on P2P links
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]