[193439] in North American Network Operators' Group


Re: Questions on IPv6 deployment

daemon@ATHENA.MIT.EDU (joel jaeggli)
Tue Jan 17 17:07:51 2017

X-Original-To: nanog@nanog.org
To: William Herrin <bill@herrin.us>, Matthew Huff <mhuff@ox.com>
From: joel jaeggli <joelja@bogus.com>
Date: Tue, 17 Jan 2017 14:07:40 -0800
In-Reply-To: <CAP-guGU=wpM_1ANAXtsJy9QMB-MUG1b4vxOm1J=mPxMXXTuQzA@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Message-ID: <3f893c5b-c03a-6270-2940-0920c53363b3@bogus.com>

On 1/17/17 1:55 PM, William Herrin wrote:
> On Tue, Jan 17, 2017 at 4:07 PM, Matthew Huff <mhuff@ox.com> wrote:
>> The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors.


if you mean allocating a /127, then... sure.

Neighbor discovery on point to point links could be a problem as is the
potential for looping behavior. There are of course ways other than
allocating a longer prefix to a point to point link to achieve that,
e.g. disabling it. Among other things, you have to disable DAD anyway if
you ever plan to loop them up for testing.

these are detailed in

https://tools.ietf.org/html/rfc6164
>> Hi Matthew,
>>
>> I'm always interested in learning something new. Please explain the
>> DOS vectors you're referring to and how they're mitigated by
>> allocating a /64 to the point to point link.
>>
>>
>> Just do it.
> No. But if you offer a good reason, I'll factor your reason in to my
> considerations.
>
> Regards,
> Bill Herrin
>



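Added example, not part of the message above or of the thread: a small Python model of the looping behavior and neighbor-discovery exposure the message refers to, following the reasoning in RFC 6164. It assumes both routers hold a connected route for the link prefix and forward a packet for an unassigned on-link address back out the link it arrived on; the prefixes, addresses and function names are constructed for illustration.

```python
import ipaddress

def _parse(prefix, end_a, end_b):
    net = ipaddress.IPv6Network(prefix)
    ends = [ipaddress.IPv6Address(end_a), ipaddress.IPv6Address(end_b)]
    if ends[0] == ends[1] or any(e not in net for e in ends):
        raise ValueError("need two distinct end addresses inside the prefix")
    return net, ends

def link_crossings(prefix, end_a, end_b, dst, hop_limit=64):
    """Times one packet to dst crosses the link before delivery or drop.
    The packet arrives at router A carrying hop_limit."""
    net, ends = _parse(prefix, end_a, end_b)
    dst = ipaddress.IPv6Address(dst)
    if dst not in net:
        raise ValueError("dst is not on this link's prefix")
    at, crossings = 0, 0
    while dst != ends[at]:      # not ours: the connected route points at the link
        if hop_limit <= 1:      # decrementing would reach zero: drop
            break
        hop_limit -= 1
        crossings += 1
        at ^= 1                 # the packet is now at the other router
    return crossings

def audit_link(prefix, end_a, end_b):
    """Return (addresses assigned to neither end, crossings for one stray packet).
    On a link that runs neighbor discovery, each such address is one the
    routers may be asked to resolve."""
    net, ends = _parse(prefix, end_a, end_b)
    unowned = net.num_addresses - 2
    if unowned == 0:            # /127: every address belongs to one end
        return 0, link_crossings(prefix, end_a, end_b, end_b)
    # Probe from index 1 up; index 0 is the Subnet-Router anycast address.
    probe = next(net[i] for i in range(1, 4) if net[i] not in ends)
    return unowned, link_crossings(prefix, end_a, end_b, probe)

# Constructed sample links inside the documentation prefix 2001:db8::/32
LINKS = [
    ("2001:db8:0:1::/64", "2001:db8:0:1::1", "2001:db8:0:1::2"),
    ("2001:db8:0:2::/127", "2001:db8:0:2::", "2001:db8:0:2::1"),
]

if __name__ == "__main__":
    for prefix, a, b in LINKS:
        unowned, crossings = audit_link(prefix, a, b)
        print(f"{prefix}: {unowned} addresses assigned to neither end, "
              f"{crossings} link crossings per stray packet")
```
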
