[121776] in North American Network Operators' Group


RE: Using /126 for IPv6 router links

daemon@ATHENA.MIT.EDU (Igor Gashinsky)
Tue Jan 26 19:43:19 2010

Date: Tue, 26 Jan 2010 19:33:17 -0500 (EST)
From: Igor Gashinsky <igor@gashinsky.net>
To: Matt Addison <maddison@lightbound.net>
In-Reply-To: <DC5B236BCDAABA4C87C86F962FFCC54102B83410@exchange.iquest.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, 25 Jan 2010, Matt Addison wrote:

:: You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for
:: each PtP link, but only configure the first /126 (or whatever /126 you
:: need to get an amusing peer address) on the link. 

Matt meant "reserve/assign a /64 for each PtP link, but only configure the 
first */127* of the link", as that's the only way to fully mitigate the 
scanning-type attacks (with a /126, there is still the possibility of 
ping-pong on a p-t-p interface) w/o using extensive ACLs.

Anyways, that's what worked for us, and, as always, YMMV...

-igor
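
A configuration check for the scheme described in the message above, as an added example that is not part of the original message: it flags links whose configured prefix still contains addresses owned by neither router, which is the case the message says leaves ping-pong possible with a /126. The function name, link names and 2001:db8:: addresses are constructed for illustration.

```python
import ipaddress

def audit_link(reserved, configured, ends):
    """Return (unowned, findings) for one point-to-point link.

    unowned counts addresses inside the configured prefix that neither
    router owns; the scheme in the message wants that to be zero.
    """
    block = ipaddress.IPv6Network(reserved)
    link = ipaddress.IPv6Network(configured)
    hosts = {ipaddress.IPv6Address(a) for a in ends}
    findings = []
    if block.prefixlen != 64:
        findings.append("reserved block is not a /64")
    if not link.subnet_of(block):
        findings.append("configured prefix is outside the reserved block")
    elif link.network_address != block.network_address:
        findings.append("configured prefix is not the first in the block")
    if len(hosts) != 2 or any(h not in link for h in hosts):
        findings.append("need two distinct endpoints inside the prefix")
    # Count without enumerating: a /64 holds 2**64 addresses.
    unowned = link.num_addresses - sum(1 for h in hosts if h in link)
    if unowned:
        findings.append(f"{unowned} on-link addresses owned by neither end")
    return unowned, findings

# Constructed inventory (documentation prefix 2001:db8::/32), not real links.
LINKS = [
    ("core1-core2", "2001:db8:0:1::/64", "2001:db8:0:1::/127",
     ("2001:db8:0:1::", "2001:db8:0:1::1")),
    ("core1-edge1", "2001:db8:0:2::/64", "2001:db8:0:2::/126",
     ("2001:db8:0:2::1", "2001:db8:0:2::2")),
    ("core2-edge2", "2001:db8:0:3::/64", "2001:db8:0:3::/64",
     ("2001:db8:0:3::1", "2001:db8:0:3::2")),
    ("edge1-edge2", "2001:db8:0:4::/64", "2001:db8:0:4::2/127",
     ("2001:db8:0:4::2", "2001:db8:0:4::3")),
]

if __name__ == "__main__":
    for name, reserved, configured, ends in LINKS:
        unowned, findings = audit_link(reserved, configured, ends)
        print(name, configured, "OK" if not findings else "; ".join(findings))
```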

