[153419] in North American Network Operators' Group


Re: ipv6 book recommendations?

daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Jun 5 18:48:10 2012

From: Owen DeLong <owen@delong.com>
In-Reply-To: <B182CA14-BE18-4A66-B0CD-8309E73963AB@delong.com>
Date: Tue, 5 Jun 2012 15:41:27 -0700
To: Owen DeLong <owen@delong.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Apologies for the double post... Mistakenly hit send instead of cancel
on the first one.

Owen

On Jun 5, 2012, at 3:32 PM, Owen DeLong wrote:

>
> On Jun 5, 2012, at 3:23 PM, William Herrin wrote:
>
>> On 6/5/12, Owen DeLong <owen@delong.com> wrote:
>>> On Jun 5, 2012, at 2:23 PM, William Herrin wrote:
>>>> c. If it's a point to point, a reasonable practice seems to be a /64
>>>> per network area and around /124 per link. Works OK for ethernet point
>>>> to points too.
>>>
>>> /64 is perfectly reasonable per point to point as well.
>>
>> Hi Owen,
>>
>> Sure, but with the neighbor discovery cache issues that come up with
>> /64's under attack, why open yourself to trouble where you can't
>> realize any benefit?
>>
>
> It makes little sense to me to permit people outside your network
> to deliver packets to your point to point interfaces. Denying this
> traffic at your borders/edges eliminates all of the attacks without
> having to juggle inconsistent prefix sizes or do silly bit-math to
> figure out which address is at the other end of the link.
>
> Owen
>
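
Added example, not part of the original thread: a Python comparison of the two positions quoted above, counting how many unused link addresses an outside sender can reach for /64, /124 and /127 links, with and without the border filter. The prefixes, the single dedicated link aggregate, the sample source address and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (not from the thread). 2001:db8::/32 and
# 3fff::/20 are IPv6 documentation ranges.
INTERNAL = ipaddress.ip_network("2001:db8::/32")             # assumed: our own space
LINK_AGGREGATE = ipaddress.ip_network("2001:db8:ffff::/48")  # assumed: all p2p links
OUTSIDE_SRC = "3fff:0:1::1"                                  # assumed: external sender


def plan_links(count, prefixlen):
    """Carve `count` point-to-point link prefixes out of LINK_AGGREGATE."""
    subnets = LINK_AGGREGATE.subnets(new_prefix=prefixlen)
    return [next(subnets) for _ in range(count)]


def unused_addresses(link):
    """Addresses on the link with no neighbor behind them (two are the endpoints).
    A packet to any of them makes the router attempt neighbor discovery."""
    return link.num_addresses - 2


def border_permits(src, dst):
    """Edge policy described in the thread: drop packets from outside the
    network that are addressed to point-to-point link space."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not (dst in LINK_AGGREGATE and src not in INTERNAL)


def exposure(links, src, filtered):
    """Count unused link addresses that `src` can still send packets to."""
    total = 0
    for link in links:
        probe = link.network_address + 1  # any address inside the link prefix
        if not filtered or border_permits(src, probe):
            total += unused_addresses(link)
    return total


if __name__ == "__main__":
    for plen in (64, 124, 127):
        links = plan_links(4, plen)
        print(f"/{plen}: unfiltered={exposure(links, OUTSIDE_SRC, False)}"
              f" filtered={exposure(links, OUTSIDE_SRC, True)}")
```

The filter only covers senders outside INTERNAL; a host inside the network still reaches every link address, whatever the prefix length.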


