[147049] in North American Network Operators' Group
Re: Link local for P-t-P links? (Was: IPv6 prefixes longer then /64:
daemon@ATHENA.MIT.EDU (Jeff Wheeler)
Thu Dec 1 03:37:58 2011
In-Reply-To: <CAAAas8Hu5HLVjf+Xx9edF_J_fTm8JmSFnGsSQJVb405y3htr=Q@mail.gmail.com>
Date: Thu, 1 Dec 2011 03:36:13 -0500
From: Jeff Wheeler <jsw@inconcepts.biz>
To: nanog@nanog.org
On Wed, Nov 30, 2011 at 9:15 PM, Mike Jones <mike@mikejones.in> wrote:
> Link-Local?
>
> For "true" P-t-P links I guess you don't need any addresses on the
Point-to-point links in your backbone are by far the easiest thing to
defend against this attack. I wish we would steer the discussion away
from point-to-point links that are entirely within the control of the
operator, as this is really quite well understood. Major ISPs
including Level3 are already doing /126 to their customers today as
well. In fact, Level3 does not even reserve a /64, they will hand out
::0/126 to one customer on a given access router, ::4/126 to the next.
It clearly works.
The access layer for non point-to-point customers, on the other hand,
is less well-understood. That's why we keep having these discussions.
Getting customers (and their device/software) to work correctly with
link-local addressing and DHCP-PD or similar is going to be an uphill
battle in a hosting environment. It also breaks down immediately if
the hosting customer, for example, wishes to use ND to be able to
provision addresses on two or more servers from a common subnet. So
there are both perception and practical problems / limitations with
this approach. I'm not saying it's a bad idea, but it won't work in
some instances.
-- 
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
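The /126-per-customer scheme described above (::0/126 to one customer, ::4/126 to the next, with no /64 reserved per link), worked through as an added example. This is illustration code written for this archive page, not anything from the post's author or from Level3; the aggregate prefix 2001:db8:1::/64, the choice of ::1 for the provider side and ::2 for the customer side of each link, and the assumption that "this attack" refers to neighbor-cache exhaustion driven by the size of the on-link address space are all assumptions made here, not facts stated in the message.

```python
import ipaddress

# Constructed sample aggregate for the example (documentation prefix, not a real allocation).
AGGREGATE = "2001:db8:1::/64"


def nth_ptp_link(aggregate: str, n: int, prefixlen: int = 126) -> ipaddress.IPv6Network:
    """Return the n-th subnet of length `prefixlen` carved sequentially from `aggregate`.

    With prefixlen=126 this reproduces the pattern in the post: link 0 is ::0/126,
    link 1 is ::4/126, link 2 is ::8/126, and so on, with no /64 reserved per link.
    Raises ValueError if link n would fall outside the aggregate.
    """
    agg = ipaddress.ip_network(aggregate, strict=True)
    if prefixlen < agg.prefixlen or prefixlen > 128:
        raise ValueError("link prefix must be no shorter than the aggregate")
    step = 1 << (128 - prefixlen)  # addresses per link: 4 for a /126, 2 for a /127
    if n < 0 or n * step >= agg.num_addresses:
        raise ValueError("link index outside the aggregate")
    base = int(agg.network_address) + n * step
    return ipaddress.ip_network(f"{ipaddress.IPv6Address(base)}/{prefixlen}", strict=True)


def link_endpoints(link: ipaddress.IPv6Network):
    """Return (provider_side, customer_side) addresses for a /126 link.

    Assumption (not from the post): the provider takes ::1 and the customer ::2,
    leaving ::0 (subnet-router anycast) and ::3 unused.
    """
    if link.prefixlen != 126:
        raise ValueError("endpoint convention defined for /126 links only")
    base = int(link.network_address)
    return ipaddress.IPv6Address(base + 1), ipaddress.IPv6Address(base + 2)


def nd_target_space(prefix: str) -> int:
    """Number of distinct on-link addresses a remote sender can aim traffic at.

    Every address in the prefix that is routed onto the link and not yet in the
    neighbor cache costs the router a neighbor-discovery resolution attempt, so
    this count is the ceiling on how many cache entries an off-link sender can
    force. It is 2**64 for a /64 and 4 for a /126.
    """
    return ipaddress.ip_network(prefix, strict=False).num_addresses


def links_overlap(a: ipaddress.IPv6Network, b: ipaddress.IPv6Network) -> bool:
    """Sanity check for an allocator: two customer links must never share addresses."""
    return a.overlaps(b)


if __name__ == "__main__":
    print(f"ND target space for a /64 : {nd_target_space('2001:db8:1::/64')}")
    print(f"ND target space for a /126: {nd_target_space('2001:db8:1::/126')}")
    for n in range(4):
        link = nth_ptp_link(AGGREGATE, n)
        provider, customer = link_endpoints(link)
        print(f"customer {n}: {link}  provider={provider}  customer={customer}")
    assert not links_overlap(nth_ptp_link(AGGREGATE, 0), nth_ptp_link(AGGREGATE, 1))
```

Run it and the first two lines show the point of the whole thread in two numbers: a /64 on a customer-facing link exposes 18446744073709551616 resolvable addresses to the router, a /126 exposes four. The remaining lines show consecutive customers on one access router receiving ::0/126, ::4/126, ::8/126 and ::c/126 out of the same aggregate, which is exactly the "no /64 reserved" behaviour the post attributes to Level3.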