[ipv6-wg] IPv6 on P2P links
Yannis Nikolopoulos
dez at otenet.gr
Mon May 30 10:00:04 CEST 2011
On 05/26/2011 06:37 PM, Martin Millnert wrote:
> Hi,
>
> On Thu, May 26, 2011 at 8:43 AM, Marco Hogewoning <marcoh at marcoh.net> wrote:
>> On May 26, 2011, at 2:25 PM, Yannis Nikolopoulos wrote:
>>
>>> so,
>>>
>>> other than the fact that it's wasteful, is there any other reason for not using /64 (that's what we're using) on p2p links?
>> I wouldn't describe it as wasteful, every subnet is per standard /64 anyway. The primary reasons are security concerns like the fact that you might be able to trick a machine into sending loads of ND messages (or responses), filling up the neighbor cache or CAM table.
>>
> Yes. I recommend http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
> for more details on this. It seems to be a pretty serious issue in
> most implementations. The author of the PDF recommends allocating /64
> but using whatever fits your need. This way you'll stay ready for the
> future, should you have a reason to change, interoperability or other.
>
> Best regards,
> Martin
>

I should've been more elaborate in my original post. On one hand, allocating a /64 per p2p link *could* be considered wasteful and Cisco's "official" word was to use /64 on p2p links as all code is optimized for that boundary. On the other hand, there's the NDP cache exhaustion issue mentioned in RFC 6164 (this issue can be minimized by a sane security policy btw) plus Gunter's (very informative) comments.

Allocating and using /64 on p2p links sounds tidy. The "allocating" part, we'll stick with, the "using" part remains to be seen.

regards,
Yannis
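
Added example, not part of the original message or of any poster's tooling: a small audit of a point-to-point link inventory against the "allocate a /64, configure what fits" approach discussed in this thread, flagging links whose configured prefix leaves more unowned on-link addresses than the router's neighbor cache can hold. The inventory (documentation prefix 2001:db8::/32), the field names and the cache size of 4096 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inventory; prefixes are from the documentation range.
LINKS = [
    {"name": "core1-core2", "allocated": "2001:db8:0:1::/64",
     "configured": "2001:db8:0:1::/127"},
    {"name": "core1-edge1", "allocated": "2001:db8:0:2::/64",
     "configured": "2001:db8:0:2::/64"},
    {"name": "edge1-edge2", "allocated": "2001:db8:0:3::/64",
     "configured": "2001:db8:0:4::/127"},
]

# Assumed per-router neighbor cache limit; set this to your platform's value.
NEIGHBOR_CACHE_SIZE = 4096


def audit_link(link, cache_size=NEIGHBOR_CACHE_SIZE):
    """Return the findings for one point-to-point link record."""
    allocated = ipaddress.IPv6Network(link["allocated"])
    configured = ipaddress.IPv6Network(link["configured"])
    findings = []

    if allocated.prefixlen != 64:
        findings.append("allocation is not a /64")
    if not configured.subnet_of(allocated):
        findings.append("configured prefix lies outside the allocation")

    # A p2p link has two real endpoints. Every other on-link address is one
    # the router will attempt neighbor discovery for, holding an unresolved
    # cache entry while it waits.
    unowned = configured.num_addresses - 2
    if unowned > cache_size:
        findings.append(
            f"/{configured.prefixlen} leaves {unowned} unowned on-link "
            f"addresses, more than the neighbor cache ({cache_size})"
        )
    return {"name": link["name"], "unowned": unowned, "findings": findings}


def audit_all(links, cache_size=NEIGHBOR_CACHE_SIZE):
    return [audit_link(link, cache_size) for link in links]


if __name__ == "__main__":
    for result in audit_all(LINKS):
        status = "; ".join(result["findings"]) or "ok"
        print(f"{result['name']}: {status}")
```
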