[121708] in North American Network Operators' Group
RE: Using /126 for IPv6 router links
daemon@ATHENA.MIT.EDU (Matt Addison)
Mon Jan 25 11:33:34 2010
Date: Mon, 25 Jan 2010 11:33:04 -0500
In-Reply-To: <CDD0C3CC-8FAD-43D6-A3CF-C495EA6749FE@mironet.ch>
From: "Matt Addison" <maddison@lightbound.net>
To: <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> From: Mathias Seiler [mailto:mathias.seiler@mironet.ch]
> Subject: Re: Using /126 for IPv6 router links
>
> Ok let's summarize:
>
> /64:
> + Sticks to the way IPv6 was designed (64 bits host part)
> + Probability of renumbering very low
> + simpler for ACLs and the like
> + rDNS on a bit boundary
>
> <> You can give your peers funny names, like 2001:db8::dead:beef ;)
>
> - Prone to attacks (scans, router CPU load)
> - "Waste" of addresses
> - Peer address needs to be known, impossible to guess with 2^64
> addresses
>
> /126
> + Only 4 addresses possible (memorable, not so error-prone at
> configuration-time and while debugging)
> + Not prone to scan-like attacks
>
> - Not on a bit boundary, so more complicated for ACLs and ...
> - ... rDNS
> - Perhaps need to renumber into /64 some time.
> - No 64 bits for hosts
You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for
each PtP link, but only configure the first /126 (or whatever /126 you
need to get an amusing peer address) on the link.
+ Sticks to the way IPv6 was designed (64 bits host part- even if
it isn't all configured)
+ Probability of renumbering very low
+ simpler for ACLs and the like
+ rDNS on a bit boundary
+ Only 4 addresses possible (memorable, not so error-prone at
configuration-time and while debugging)
+ Not prone to scan-like attacks
+ Easy to renumber into a /64 if you need to
- "Waste" of addresses
Seems to be a fairly good compromise, unless there's something I missed.
~Matt
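
Added example (not part of the original message): the compromise described above, reserving a /64 per point-to-point link and configuring only its first /126, worked through with Python's ipaddress module. The 2001:db8:0:100::/56 parent prefix, the function names, and the use of ::1 and ::2 as the two link endpoints are assumptions made for illustration.

```python
import ipaddress
from itertools import islice


def rdns_zone(net):
    """Return the ip6.arpa zone for a prefix, or None if it is not nibble-aligned."""
    if net.prefixlen % 4:
        return None  # a /126 does not end on a nibble, so it has no zone of its own
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def plan_ptp_links(parent, count):
    """Reserve one /64 per link and configure only the first /126 inside it."""
    parent = ipaddress.ip_network(parent)
    plans = []
    for reserved in islice(parent.subnets(new_prefix=64), count):
        configured = next(reserved.subnets(new_prefix=126))
        # Assumption: the two routers take ::1 and ::2 of the /126.
        endpoints = (configured[1], configured[2])
        plans.append({
            "reserved": reserved,        # what the address plan and ACLs refer to
            "configured": configured,    # what is actually put on the interfaces
            "endpoints": endpoints,
            "acl_prefix": reserved,      # one /64 entry covers the whole link
            "rdns_zone": rdns_zone(reserved),
            "on_link_addresses": configured.num_addresses,
            # Widening the mask to /64 later keeps both addresses valid.
            "renumber_safe": all(
                ipaddress.ip_interface(f"{ip}/64").network == reserved
                for ip in endpoints
            ),
        })
    return plans


if __name__ == "__main__":
    # Constructed sample input: a /56 taken from the documentation prefix.
    for link in plan_ptp_links("2001:db8:0:100::/56", 2):
        a, b = link["endpoints"]
        print(f"reserved {link['reserved']}  configured {link['configured']}")
        print(f"  endpoints {a} <-> {b}")
        print(f"  ACL prefix {link['acl_prefix']}  rDNS zone {link['rdns_zone']}")
        print(f"  on-link addresses {link['on_link_addresses']}"
              f"  renumber to /64 without readdressing: {link['renumber_safe']}")
```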