[146942] in North American Network Operators' Group
Re: IPv6 prefixes longer then /64: are they possible in DOCSIS
daemon@ATHENA.MIT.EDU (Brzozowski, John)
Mon Nov 28 17:40:51 2011
From: "Brzozowski, John" <John_Brzozowski@Cable.Comcast.com>
To: Steven Bellovin <smb@cs.columbia.edu>, Owen DeLong <owen@delong.com>
Date: Mon, 28 Nov 2011 22:39:13 +0000
In-Reply-To: <7ECD6B0E-D104-4B10-8729-79F1AD7363BD@cs.columbia.edu>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I mentioned this in an earlier reply. CM vs CPE vs CPE router are all
different use cases. From a CPE or CPE router point of view SLAAC will
likely not be used to provision devices; stateful DHCPv6 is required.
As such Vista/7 machines that are directly connected to cable modems will
receive an IPv6 address and configuration options via stateful DHCPv6.
The same now applies to OSX Lion.
I do agree that many host implementations have been built around /64
assumptions and departures from the same at this time will seemingly
introduce more problems than benefits.
John
On 11/28/11 5:00 PM, "Steven Bellovin" <smb@cs.columbia.edu> wrote:
>
>On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:
>
>>
>> On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
>>
>>> It's a good practice to reserve a 64-bit prefix for each network.
>>> That's a good general rule. For point to point or link networks you
>>> can use something as small as a 126-bit prefix (we do).
>>>
>>
>> Technically, absent buggy {firm,soft}ware, you can use a /127. There's no
>> actual benefit to doing anything longer than a /64 unless you have
>> buggy *ware (ping pong attacks only work against buggy *ware),
>> and there can be some advantages to choosing addresses other than
>> ::1 and ::2 in some cases. If you're letting outside packets target your
>> point-to-point links, you have bigger problems than neighbor table
>> attacks. If not, then the neighbor table attack is a bit of a red-herring.
>>
>
>The context is DOCSIS, i.e., primarily residential cable modem users, and
>the cable company ISPs do not want to spend time on customer care and
>hand-holding. How are most v6 machines configured by default? That is,
>what did Microsoft do for Windows Vista and Windows 7? If they're set for
>stateless autoconfig, I strongly suspect that most ISPs will want to stick
>with that and hand out /64s to each network. (That's apart from the larger
>question of why they should want to do anything else...)
>
>
> --Steve Bellovin, https://www.cs.columbia.edu/~smb