home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
X-Original-To: nanog@nanog.org From: Owen DeLong <owen@delong.com> In-Reply-To: <7df96f3fbe704d7b92e43da732c73be5@pur-vm-exch13n1.ox.com> Date: Tue, 17 Jan 2017 13:12:06 -0800 To: Matthew Huff <mhuff@ox.com> Cc: "nanog@nanog.org" <nanog@nanog.org> Errors-To: nanog-bounces@nanog.org I think you mean /127 since a /128 would not support 2 points on the = point to point. Owen > On Jan 17, 2017, at 13:07 , Matthew Huff <mhuff@ox.com> wrote: >=20 > The reason for allocating a /64 for a point to point link is due to = various denial of service attack vectors. Just do it. The numbers in = IPv6 are staggering. The generally accepted best practice is to allocate = a /64 and use a /128 within that /64 for point to point links. >=20 > ---- > Matthew Huff | 1 Manhattanville Rd > Director of Operations | Purchase, NY 10577 > OTA Management LLC | Phone: 914-460-4039 > aim: matthewbhuff | Fax: 914-694-5669 >=20 >=20 >> -----Original Message----- >> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of William >> Herrin >> Sent: Tuesday, January 17, 2017 4:02 PM >> To: Michael Still <stillwaxin@gmail.com> >> Cc: nanog@nanog.org >> Subject: Re: Questions on IPv6 deployment >>=20 >> On Tue, Jan 17, 2017 at 12:48 PM, Michael Still = <stillwaxin@gmail.com> >> wrote: >>> http://nabcop.org/index.php/IPv6_Subnetting >>=20 >> That's overall good advice. I quibble with a couple of points: >>=20 >> 1. If you plan to use a /126 on a point to point and can't imagine = how >> you would use a /64 on that point to point, don't allocate a /64. = Odds >> are that by the time you can imagine some way to use a /64 there, the >> details will require you to assign a new block anyway. >>=20 >> Why be concerned about resource consumption? Because it's a good >> habit. Don't overdo it, IPv6 is not resource constrained the way IPv4 >> is, but shrewd use of available resources is a good habit even when >> resources are plentiful. >>=20 >> 2. Make all your point to points /124. That will work for all your >> point to points. Serial or ethernet. Even the ethernets which have = two >> high-availability routers on both ends along with the failover = address >> needing a total of 6 IPs plus 1 for your troubleshooting laptop. >> Configuring /124 every time allows you to standardize your >> configuration, the same way /64 standardizes the netmask on a LAN >> deployment. >>=20 >>=20 >>=20 >> One additional point not brought up: >>=20 >> Minimum assignment to a customer: /60. Never ever /64 or /128. How >> much more than a /60 you choose as your minimum is up to you. Common >> choices are /56 and /48. But never, ever less than a /60. Your >> customer will want to deploy a /64 to each LAN. And there are so many >> cases where he'll want to deploy more than one LAN. >>=20 >> I've noticed a lot of hosting providers getting this wrong. Some of >> your customers do create VPNs on their VPC you know. >>=20 >> Regards, >> Bill Herrin >>=20 >>=20 >> -- >> William Herrin ................ herrin@dirtside.com bill@herrin.us >> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
home | help | back | first | fref | pref | prev | next | nref | lref | last | post |