[146952] in North American Network Operators' Group
Re: IPv6 prefixes longer than /64: are they possible in DOCSIS
daemon@ATHENA.MIT.EDU (Dmitry Cherkasov)
Tue Nov 29 07:10:20 2011
In-Reply-To: <7ECD6B0E-D104-4B10-8729-79F1AD7363BD@cs.columbia.edu>
Date: Tue, 29 Nov 2011 14:09:24 +0200
From: Dmitry Cherkasov <doctorchd@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Steven,
SLAAC is prohibited from use in DOCSIS networks; router
advertisements that allow SLAAC must be ignored by end devices,
therefore DHCPv6 is the only way of configuring (not counting
static assignment). I have seen at least Windows 7 handling this
properly in its default configuration: it starts DHCPv6 negotiation
instead of auto-configuration.
Dmitry Cherkasov
2011/11/29 Steven Bellovin <smb@cs.columbia.edu>:
>
> On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:
>
>>
>> On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
>>
>>> It's a good practice to reserve a 64-bit prefix for each network.
>>> That's a good general rule.  For point to point or link networks you
>>> can use something as small as a 126-bit prefix (we do).
>>>
>>
>> Technically, absent buggy {firm,soft}ware, you can use a /127. There's no
>> actual benefit to doing anything longer than a /64 unless you have
>> buggy *ware (ping pong attacks only work against buggy *ware),
>> and there can be some advantages to choosing addresses other than
>> ::1 and ::2 in some cases. If you're letting outside packets target your
>> point-to-point links, you have bigger problems than neighbor table
>> attacks. If not, then the neighbor table attack is a bit of a red-herring.
>>
>
> The context is DOCSIS, i.e., primarily residential cable modem users, and
> the cable company ISPs do not want to spend time on customer care and
> hand-holding.  How are most v6 machines configured by default?  That is,
> what did Microsoft do for Windows Vista and Windows 7?  If they're set for
> stateless autoconfig, I strongly suspect that most ISPs will want to stick
> with that and hand out /64s to each network.  (That's apart from the larger
> question of why they should want to do anything else...)
>
>
>                 --Steve Bellovin, https://www.cs.columbia.edu/~smb
>
>
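
How a host can tell from a router advertisement whether to autoconfigure or to start DHCPv6, as an added example that is not part of the original thread. It assumes the standard signalling from RFC 4861/4862 (the M flag in the RA header and the A flag in the Prefix Information option), which the thread does not name; the function names and the 2001:db8:: prefixes are constructed for illustration.

```python
# Added example: constructed packets, not captured from any real CMTS.
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3    # Prefix Information option

def build_ra(managed, prefix, autonomous):
    """Build a minimal RA body (checksum left at zero) for the demo."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64,
                      0x80 if managed else 0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, net.prefixlen,
                      0x80 | (0x40 if autonomous else 0),
                      86400, 14400, 0, net.network_address.packed)
    return hdr + pio

def addressing_mode(ra):
    """Return (uses_dhcpv6, slaac_prefixes) for one RA message."""
    if len(ra) < 16 or ra[0] != RA_TYPE:
        raise ValueError("not a router advertisement")
    managed = bool(ra[5] & 0x80)            # M flag: addresses via DHCPv6
    slaac, off = [], 16                     # options start after 16-byte header
    while off + 2 <= len(ra):
        opt_type, opt_len = ra[off], ra[off + 1] * 8   # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(ra):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, flags = ra[off + 2], ra[off + 3]
            # RFC 4862: with a 64-bit interface ID, SLAAC applies only when
            # the A flag is set and the advertised prefix is exactly a /64.
            if flags & 0x40 and plen == 64:
                addr = ipaddress.IPv6Address(ra[off + 16:off + 32])
                slaac.append(f"{addr}/{plen}")
        off += opt_len
    return managed, slaac
```

An RA with M set and A clear yields `(True, [])`, the DHCPv6-only behaviour described in the reply above; a prefix longer than /64 is never used for SLAAC even with A set.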