[121826] in North American Network Operators' Group


Re: Using /126 for IPv6 router links

daemon@ATHENA.MIT.EDU (Dale W. Carder)
Thu Jan 28 00:25:03 2010

Date: Wed, 27 Jan 2010 23:24:48 -0600
From: "Dale W. Carder" <dwcarder@wisc.edu>
In-reply-to: <Pine.LNX.4.64.1001271439560.22460@moonbase.nullrouteit.net>
To: Igor Gashinsky <igor@gashinsky.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 27, 2010, at 3:19 PM, Igor Gashinsky wrote:

> you face 2 major issues with not using /127 for
> PtP-type circuits:
>
> 1) ping-ponging of packets on Sonet/SDH links
>
> 	Let's say you put 2001:db8::0/64 and 2001:db8::1/64 on a PtP
> 	interface, and somebody comes along and ping floods 2001:db8::2,
> 	those packets will bounce back and forth between the 2 sides of
> 	the link till TTL expires (since there is no address resolution
> 	mechanism in PtP, so it just forwards packets not destined for
> 	"him" on).

Following this, IPv4 /30 would have the same problem vs /31?

> 2) ping sweep of death
>
> 	Take the same assumption for addressing as above, and now ping
> 	sweep 2001:db8::/64... if the link is ethernet, well, hope you
> 	didn't have any important arp entries that the router actually
> 	needed to learn.

Wouldn't this affect *all* /64's configured on a router, not
just point to point links?  Time for glean rate limiting.

If you were really concerned, you could hard code static NDP
entries, as I think someone else pointed out.

Dale
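
Added example, not part of the original message: a small Python model of the ping-pong case quoted in point 1, using the thread's addresses. It assumes each end of the point-to-point link transmits any on-link destination that is not its own address and has no other route covering the prefix. The class and function names are hypothetical.

```python
import ipaddress

class PtpRouter:
    """One end of a point-to-point link with no address resolution (assumed model)."""
    def __init__(self, name, iface):
        self.name = name
        self.iface = ipaddress.ip_interface(iface)

    def decide(self, dst):
        if dst == self.iface.ip:
            return "local"        # addressed to this router
        if dst in self.iface.network:
            return "link"         # on-link but not ours: send it across the link
        return "no-route"         # assumption: nothing else covers this destination

def link_crossings(a, b, dst, hop_limit=64):
    """Link traversals caused by one packet that reaches router a from outside."""
    dst = ipaddress.ip_address(dst)
    routers, at, crossings = (a, b), 0, 0
    while True:
        action = routers[at].decide(dst)
        if action != "link":
            return crossings, action
        hop_limit -= 1            # each forwarding step decrements the hop limit
        if hop_limit <= 0:
            return crossings, "hop-limit-exceeded"
        crossings += 1
        at ^= 1                   # the packet is now at the other end

def compare(dst="2001:db8::2", hop_limit=64):
    """Same target, three prefix lengths on the link (::0 and ::1 as the two ends)."""
    out = {}
    for plen in (64, 126, 127):
        a = PtpRouter("A", f"2001:db8::0/{plen}")
        b = PtpRouter("B", f"2001:db8::1/{plen}")
        out[plen] = link_crossings(a, b, dst, hop_limit)
    return out

if __name__ == "__main__":
    for plen, (n, why) in compare().items():
        print(f"/{plen}: {n} link crossings, ended with {why}")
```

In this model the /126 still leaves ::2 and ::3 on-link and unowned, so only the /127 removes every address that can bounce.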

