[190634] in North American Network Operators' Group


Re: New Office, New Network. Questions.

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Jul 13 14:54:05 2016

X-Original-To: nanog@nanog.org
To: Nikolai Petrov <prnpetrov@yandex.com>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <219581468326611@web8h.yandex.ru>
Date: Wed, 13 Jul 2016 14:53:55 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Tue, 12 Jul 2016 15:30:11 +0300, Nikolai Petrov said:

> Is there any way to limit the amount of devices in a subnet to avoid problems
> and attacks? I don't think the equipment will work with 2^64 devices in a
> single subnet..

Sure. Just don't connect that many devices to one subnet, just the same as you
do in IPv4. No need to drop them all into one subnet. You got a /56, so you can
make 256 /64s out of it.  Carve it up whatever way your cabling says to do it.
Maybe one subnet for your external router to all your in-building switches,
then each switch has a subnet for one floor/office suite/whatever and 1
interface on your organization-wide fabric.  Maybe something else - but in
general you'll be using a subnet everyplace you'd use one in IPv4.

> So why are these addresses there? For installations not connected to the Internet?

Exactly.  It's an attempt to avoid the current mess during corporate acquisitions
where they find out that both companies used 10.16.12.0/24 for different things.

> Is there a reason you use DHCPv6 and SLAAC? Is it for compatibility?

My laptop works just fine at both home and work just using SLAAC - I hit both
mostly to make sure that if I'm travelling and hit someplace where the routers
don't do SLAAC, I'll still configure.

And as I noted, I do it at least partially to stress-test for stuff like
network logging tools, to make sure they don't fall over if they see an address
that isn't either SLAAC or DHCPv6, and so on...

> Can I use the DHCPv4 to give out DNSv6 addresses?

No. You'll need to use either SLAAC or DHCPv6 for that.

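An added example, not part of the original message: one way to carve a /56 into per-link /64s as the reply describes, and to triage addresses seen in logs against that plan without falling over on unexpected input. The prefix (a documentation range), link names and sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample: a documentation prefix stands in for the site's /56.
SITE = ipaddress.ip_network("2001:db8:ab00::/56")

def build_plan(site, link_names):
    """Hand out one /64 per named link, in order, from the site prefix."""
    pool = site.subnets(new_prefix=64)
    plan = {}
    for name in link_names:
        try:
            plan[name] = next(pool)
        except StopIteration:
            raise ValueError(f"no /64 left in {site} for {name!r}") from None
    return plan

def classify(site, plan, text):
    """Return (kind, link) for one address string taken from a log line."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return ("unparsable", None)      # record it, do not crash the tool
    if ip.version != 6:
        return ("ipv4", None)
    if ip.is_link_local:
        return ("link-local", None)
    if ip not in site:
        return ("off-site", None)
    link = next((n for n, net in plan.items() if ip in net), None)
    if link is None:
        return ("unassigned-subnet", None)
    # MAC-derived (EUI-64) interface IDs carry ff:fe in the middle two bytes.
    iid = int(ip) & ((1 << 64) - 1)
    kind = "eui64" if (iid >> 24) & 0xFFFF == 0xFFFE else "other-iid"
    return (kind, link)

if __name__ == "__main__":
    plan = build_plan(SITE, ["uplink", "floor1", "floor2"])  # hypothetical links
    for seen in ["2001:db8:ab00:1:211:22ff:fe33:4455",       # constructed samples
                 "2001:db8:ab00:2::1234",
                 "2001:db8:ab00:ff::1",
                 "fe80::1",
                 "192.0.2.7",
                 "not-an-address"]:
        print(seen, classify(SITE, plan, seen))
```

An "other-iid" result covers privacy or stable-random SLAAC, DHCPv6 and manually configured addresses alike; the address alone cannot tell them apart.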
