[147923] in North American Network Operators' Group


Re: subnet prefix length > 64 breaks IPv6?

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Wed Dec 28 06:24:45 2011

From: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <CAPLq3UPJqwrqeOJornSAEQjNa=b7BOB6r3XZWugHUGyLAsq9Wg@mail.gmail.com>
Date: Wed, 28 Dec 2011 12:23:44 +0100
To: Glen Kent <glen.kent@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 24 Dec 2011, at 6:32 , Glen Kent wrote:

> I am trying to understand why standards say that "using a subnet
> prefix length other than a /64 will break many features of IPv6,
> including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND)
> [RFC3971], .. " [reference RFC 5375]

For stateless autoconfig the issue is that it uses 64-bit "interface
identifiers" (~ MAC addresses) that are supposed to be globally unique.
You can't shave off bits and remain globally unique.

With SEND a cryptographic hash that can be used to determine address
ownership is stored in the interface identifier. Here shaving off
addresses reduces security.

Also somehow the rule that all normal address space must use 64-bit
interface identifiers found its way into the specs for no reason that I
have ever been able to uncover. On the other hand there's also the rule
that IPv6 is classless and therefore routing on any prefix length must
be supported, although for some implementations forwarding based on >
/64 is somewhat less efficient.
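
Added example, not part of the original message: a sketch of the stateless autoconfig point above, building the modified EUI-64 interface identifier (RFC 4291, Appendix A) from a MAC address and combining it with a prefix. The truncation used for prefixes longer than /64 is a hypothetical scheme assumed here for illustration, and the MAC addresses and the 2001:db8::/32 documentation prefixes are constructed sample values.

```python
import ipaddress

def modified_eui64(mac: str) -> int:
    """64-bit modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the OUI and the NIC-specific half.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def autoconf_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a prefix with the interface identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    host_bits = 128 - net.prefixlen
    iid = modified_eui64(mac)
    if host_bits < 64:
        # Hypothetical scheme (an assumption of this example, not a standard):
        # keep only the low-order bits of the identifier that still fit.
        iid &= (1 << host_bits) - 1
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def collisions(prefix: str, macs: list) -> dict:
    """Map each address claimed by more than one MAC to the MACs that claim it."""
    seen = {}
    for mac in macs:
        seen.setdefault(autoconf_address(prefix, mac), []).append(mac)
    return {addr: group for addr, group in seen.items() if len(group) > 1}

# Constructed sample MACs: different OUI octets, same low-order 32 bits.
SAMPLE_MACS = ["00:11:22:33:44:55", "a4:5e:22:33:44:55"]

if __name__ == "__main__":
    for prefix in ("2001:db8:0:1::/64", "2001:db8:0:1::/80"):
        print(prefix, collisions(prefix, SAMPLE_MACS) or "no collisions")
```

With a /64 the two hosts get distinct addresses; with a /80 only 48 identifier bits survive, the differing OUI octets are cut off, and both hosts arrive at the same address.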

