[168544] in North American Network Operators' Group
Re: ipv6 newbie question
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Jan 29 13:13:56 2014
In-Reply-To: <1391016925.68774.YahooMailNeo@web140703.mail.bf1.yahoo.com>
From: Owen DeLong <owen@delong.com>
Date: Wed, 29 Jan 2014 13:03:48 -0500
To: Philip Lavine <source_route@yahoo.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
There are tradeoffs in both directions.
Personally I think administrative simplicity wins over security through obsc=
urity, so I recommend each organization pick a random pair of static address=
es and use those two addresses for all of their point to point links.
e.g. If your prefix for a given link is 2001:db8:xxxx:yyyy::/64, and you ran=
domly choose the suffixes dead:beef:cafe:babe and dead:beef:cafe:feed as you=
r end-point addresses, then the links would be numbered 2001:db8:xxxx:yyyy:d=
ead:beef:cafe:{babe,feed}.
YMMV and I don't recommend using my examples in practice.
Owen
> On Jan 29, 2014, at 12:35 PM, Philip Lavine <source_route@yahoo.com> wrote=
:
>=20
> =20
>=20
> =20
> Is it best practice to have the internet facing BGP router's peering ip (o=
r for that matter any key gateway or security appliance) use a statically co=
nfigured address or use EUI-64 auto config?
>=20
> I have seen comments on both sides and am leaning to EUI-64 (except for th=
e VIP's like the ASA's failover ip )
>=20
> -Philip
