[193437] in North American Network Operators' Group
Re: Questions on IPv6 deployment
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Jan 17 16:12:17 2017
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <7df96f3fbe704d7b92e43da732c73be5@pur-vm-exch13n1.ox.com>
Date: Tue, 17 Jan 2017 13:12:06 -0800
To: Matthew Huff <mhuff@ox.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I think you mean /127 since a /128 would not support 2 points on the =
point to point.
Owen
> On Jan 17, 2017, at 13:07 , Matthew Huff <mhuff@ox.com> wrote:
>=20
> The reason for allocating a /64 for a point to point link is due to =
various denial of service attack vectors. Just do it. The numbers in =
IPv6 are staggering. The generally accepted best practice is to allocate =
a /64 and use a /128 within that /64 for point to point links.
>=20
> ----
> Matthew Huff | 1 Manhattanville Rd
> Director of Operations | Purchase, NY 10577
> OTA Management LLC | Phone: 914-460-4039
> aim: matthewbhuff | Fax: 914-694-5669
>=20
>=20
>> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of William
>> Herrin
>> Sent: Tuesday, January 17, 2017 4:02 PM
>> To: Michael Still <stillwaxin@gmail.com>
>> Cc: nanog@nanog.org
>> Subject: Re: Questions on IPv6 deployment
>>=20
>> On Tue, Jan 17, 2017 at 12:48 PM, Michael Still =
<stillwaxin@gmail.com>
>> wrote:
>>> http://nabcop.org/index.php/IPv6_Subnetting
>>=20
>> That's overall good advice. I quibble with a couple of points:
>>=20
>> 1. If you plan to use a /126 on a point to point and can't imagine =
how
>> you would use a /64 on that point to point, don't allocate a /64. =
Odds
>> are that by the time you can imagine some way to use a /64 there, the
>> details will require you to assign a new block anyway.
>>=20
>> Why be concerned about resource consumption? Because it's a good
>> habit. Don't overdo it, IPv6 is not resource constrained the way IPv4
>> is, but shrewd use of available resources is a good habit even when
>> resources are plentiful.
>>=20
>> 2. Make all your point to points /124. That will work for all your
>> point to points. Serial or ethernet. Even the ethernets which have =
two
>> high-availability routers on both ends along with the failover =
address
>> needing a total of 6 IPs plus 1 for your troubleshooting laptop.
>> Configuring /124 every time allows you to standardize your
>> configuration, the same way /64 standardizes the netmask on a LAN
>> deployment.
>>=20
>>=20
>>=20
>> One additional point not brought up:
>>=20
>> Minimum assignment to a customer: /60. Never ever /64 or /128. How
>> much more than a /60 you choose as your minimum is up to you. Common
>> choices are /56 and /48. But never, ever less than a /60. Your
>> customer will want to deploy a /64 to each LAN. And there are so many
>> cases where he'll want to deploy more than one LAN.
>>=20
>> I've noticed a lot of hosting providers getting this wrong. Some of
>> your customers do create VPNs on their VPC you know.
>>=20
>> Regards,
>> Bill Herrin
>>=20
>>=20
>> --
>> William Herrin ................ herrin@dirtside.com bill@herrin.us
>> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
