[193431] in North American Network Operators' Group
Re: Questions on IPv6 deployment
daemon@ATHENA.MIT.EDU (Sander Steffann)
Tue Jan 17 15:01:43 2017
X-Original-To: nanog@nanog.org
From: Sander Steffann <sander@steffann.nl>
In-Reply-To: <CAP-guGV9OyDLSNHH2vC0VjFo9Cs46Ocjn4MPjrymRmUzPTHp9A@mail.gmail.com>
Date: Tue, 17 Jan 2017 18:32:21 +0100
To: William Herrin <bill@herrin.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_08430BE5-A6F5-4C07-82F0-FFCC92DEA152
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Hi,
> Suggest /128's for loopbacks and /124's for point to points, all from
> the same /64. This way you don't burn space needlessly, don't open
> yourself to neighbor discovery issues on point to points
I usually reserve one /64 for loopbacks, reserve a /64 per =
point-to-point connection and configure a /127 using ::a on one side and =
::b on the other. All of these from a block reserved for infrastructure =
for filtering:
> and can
> filter inbound Internet packets to that /64 in one fell swoop so that
> it's harder to hit your routers directly. Just make sure not to filter
> the outbound packets.
Having a single block for infrastructure makes this very easy. In most =
cases I don't need to worry about "burning space needlessly" so I =
reserve /64s per point-to-point. Worrying about "wasting" address space =
is more often an IPv4-ism than good practice with IPv6 IMHO :-) But it =
all depends on the complexity of your network. There are cases where it =
makes sense to think about this.
> Reminder: No matter what size you pick, use nibble boundaries for
> visual and DNS convenience. So /124, not /126.
Good advice!
Cheers,
Sander
--Apple-Mail=_08430BE5-A6F5-4C07-82F0-FFCC92DEA152
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJYflUlAAoJEKAtA7D+JBO5YBIIAJTl8zoTwUiuQY/NHX1o0kRS
ssYi0tZ7TWRPLy+AoM902/IOisI0/QFcwmHHvp/iuw9WD4HoPfXOE/VdpBJazJMr
WuVIQseQMZ2Vn0o+T5TQdOvZ7/0EIXRnxwyPPxx8lXf2wh1I13Z4Xty0YziXTcdo
q8b2StubUSh/Ss04gQeNUqVkR7rCEIWbEMEemTRClhMhYbrWnfoTksBQnCk8sPPK
0X7iw7kvCcF+pau+65nJuZ87pxVK9+lUvSljT6iGkZQ171tefTP4icNhm33t7uIj
btcEx7Hk1WKfEdJ0N1lPS0Tz4L7NthDfaXprK97lU1iliPPsDyJiEjVjBasFwMg=
=OXI6
-----END PGP SIGNATURE-----
--Apple-Mail=_08430BE5-A6F5-4C07-82F0-FFCC92DEA152--
