[146938] in North American Network Operators' Group
Re: IPv6 prefixes longer than /64: are they possible in DOCSIS
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Mon Nov 28 17:01:21 2011
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <03168C8F-5F29-4596-B835-3104B1B17530@delong.com>
Date: Mon, 28 Nov 2011 17:00:14 -0500
To: Owen DeLong <owen@delong.com>
Cc: nanog@nanog.org
On Nov 28, 2011, at 4:51:52 PM, Owen DeLong wrote:
>
> On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
>
>> It's a good practice to reserve a 64-bit prefix for each network.
>> That's a good general rule. For point to point or link networks you
>> can use something as small as a 126-bit prefix (we do).
>>
>
> Technically, absent buggy {firm,soft}ware, you can use a /127. There's no
> actual benefit to doing anything longer than a /64 unless you have
> buggy *ware (ping pong attacks only work against buggy *ware),
> and there can be some advantages to choosing addresses other than
> ::1 and ::2 in some cases. If you're letting outside packets target your
> point-to-point links, you have bigger problems than neighbor table
> attacks. If not, then the neighbor table attack is a bit of a red herring.
>
The context is DOCSIS, i.e., primarily residential cable modem users, and
the cable company ISPs do not want to spend time on customer care and
hand-holding. How are most v6 machines configured by default? That is,
what did Microsoft do for Windows Vista and Windows 7? If they're set for
stateless autoconfig, I strongly suspect that most ISPs will want to stick
with that and hand out /64s to each network. (That's apart from the larger
question of why they should want to do anything else...)
--Steve Bellovin, https://www.cs.columbia.edu/~smb