[146981] in North American Network Operators' Group
Re: IPv6 prefixes longer then /64: are they possible in DOCSIS
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Nov 29 23:25:40 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <DEBECAC9A6D5224D95078F3CDC36225809C431@TKMNAEXCH.thyssenna.com>
Date: Tue, 29 Nov 2011 20:22:45 -0800
To: "McCall, Gabriel" <Gabriel.McCall@thyssenkrupp.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
A /112 is almost as bad for the ND attacks as a /64, so, I don't see any =
reason to use a /112 at all.
IMHO, the preferred link network sizes for IPv6 are, in order, /64, =
/127, /126, /112.
Since there's no downside to the first one so long as you take proper =
precautions about ND attacks,
most environments can stop there. If you are actually worried about ND, =
then consider /127. The
only reason to avoid it is if you have routers with code implementing =
RFCs that have been
deprecated for more than 5 years. Better to update your code, but, if =
you can't, move to /126.
It's a silly number, but, at least it's a little less silly than /112.
Owen
On Nov 29, 2011, at 9:00 AM, McCall, Gabriel wrote:
> Note that /127 is strongly discouraged in RFC5375 and RFC3627. 3627 =
suggests using /112 for router links, or /126 at the very most.
>=20
> -----Original Message-----
> From: Fred Baker [mailto:fred@cisco.com]=20
> ...
> I see no reason you couldn't use a /127 prefix if the link was point =
to point.
> ...=20
>=20
