[175149] in North American Network Operators' Group
Re: IPv6 Default Allocation - What size allocation are you giving out
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Oct 9 16:41:05 2014
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAPkb-7AeyvwJcZHsL8dAp3gm_fopq8a3xGxPfdG=gZZ9w=fqag@mail.gmail.com>
Date: Thu, 9 Oct 2014 13:38:00 -0700
To: Baldur Norddahl <baldur.norddahl@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Oct 9, 2014, at 1:25 PM, Baldur Norddahl <baldur.norddahl@gmail.com> =
wrote:
> On 9 October 2014 22:01, Owen DeLong <owen@delong.com> wrote:
>=20
>>> Why do people assign addresses to point-to-point links at all? You =
can
>> just
>>> use a host /128 route to the loopback address of the peer. Saves you =
the
>>> hassle of coming up with new addresses for every link. Same trick =
works
>> for
>>> IPv4 too.
>>>=20
>>> Regards,
>>>=20
>>> Baldur
>>=20
>> <SARCASM>
>>=20
>> And it makes your trace-routes across parallel links oh so easy to
>> identify which of them is at fault for the packet loss, too.
>>=20
>> </SARCASM>
>>=20
>=20
> There are a ton of other technologies with the same problem. Do you =
never
> use link aggregation? My "parallel links" are all link aggregations, =
so I
> would not have a way to identify links by traceroute anyway.
Your design problems don=92t have to be mine.
Just because you have created that problem through another mechanism =
doesn=92t pose a reason anyone else should accept the same problem in a =
different circumstance.
> There are a number of good technical reasons to want distinct =
addresses on
>> point to point links.
>>=20
>=20
> I am sure there are. Tell me about them.
I gave you one. You decided to dismiss it on the basis of =93it wouldn=92t=
help me anyway because I use this other thing that is broken that way =
regardless.=94
Some others (not a conclusive list by any means):
Having public addresses in trace-routes, ideally with good =
reverse DNS is actually useful.
Clarity is almost always an advantage over obscurity when one is =
troubleshooting something.
Being able to ping the link address is useful for =
troubleshooting.
Being able to source packets from a particular link address can =
be useful for troubleshooting.
> I am not disputing that there are many reasons to sometimes use link
> addresses. My question is why do you do it by default?
>=20
> So far we have heard two arguments:
>=20
> 1) You can ping the link address. I assume his equipment will down the
> address if the link is down. My equipment does not do this, I can ping =
it
> as long it is administrative up no matter link status. So this test is
> useless to me. I am monitoring links by SNMP anyway.
I can=92t help that your equipment is ill-behaved at best. Perhaps you =
should consider alternatives.
I certainly don=92t think that designing everyone else=92s network to =
the level of brokenness in your particular environment is particularly =
valid.
>=20
> 2) Parallel links. I don't have many of those, and the ones I have are =
link
> aggregations. MPLS interferes with this too.
>=20
> On the other hand not using link addresses has some advantages:
>=20
> 1) You don't need to assign and document them.
Sure you do, it=92s just harder. You=92re now using essentially an =
=93unnumbered interface=94 which needs to be documented as such so that =
people know that when a given loopback shows up, it=92s not a unique =
identifier, but ambiguous across several interfaces.
> 2) It is easy to think about: Router A talks to Router B on link AB. =
Every
> router has only one address so you don't need to remember which =
address to
> use.
I don=92t have to remember which address to use normally. This is not an =
advantage.
I can always use the loopback address to talk to a router if my =
environment is correctly
functioning. If it is not, removing the ambiguity of unnumbered link =
addresses is more
helpful than being able to use one address for each router while unable =
to know how
traffic is actually flowing as a result.
> 3) You avoid having a lot of addresses configured on your router.
I don=92t see this as an advantage. For a number of reasons (some of =
which I have expressed above) it is, in fact, a disadvantage.
> 4) You are immune to all the NDP attacks.
No you aren=92t. You just change the nature of those attacks.
> 5) You are immune to the monthly NANOG debate about using /127 vs /126 =
vs
> /124 vs /64. The correct answer is clearly use /128 :-).
Except that it=92s clearly an incorrect answer, IMHO.
Owen
