[195148] in North American Network Operators' Group
Re: Point 2 point IPs between ASes
daemon@ATHENA.MIT.EDU (William Herrin)
Wed Jun 28 11:03:31 2017
X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <F65C7EBE548EA94E8D86C0E31727CDF479416E16@PRIFRTEXCH02.ca.primus>
From: William Herrin <bill@herrin.us>
Date: Wed, 28 Jun 2017 11:03:01 -0400
To: Krunal Shah <KShah@primustel.ca>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hello,

The common recommendations for IPv6 point to point interface numbering are:

/64
/124
/126
/127

/64:
Advantages: conforms to IPv6 standard for a LAN link
Disadvantages: DOS threats against this design. Looping on a true ptp
circuit. Neighbor discovery issues.

/124:
Advantages: supports multiple routers on each end of the circuit. Conforms
to nibble assignment boundary that helps keep address assignments clean and
comprehensible.
Disadvantages: ancient hardware that barely supports IPv6 may have trouble
efficiently handling routes longer than /64.

/126:
Advantages: equivalent to an IPv4 /30 with exactly the same functionality.
Disadvantages: equivalent to an IPv4 /30 with exactly the same
functionality.

/127:
Advantages: saves that extra pair of IP addresses.
Disadvantages: complicates configuration just to save two IPv6 addresses.

Enhancements:
For /124, /126 and /127: allocate all of your addresses for every router in
the system from the same /64. Use router ACLs to control entry of packets
directed to that /64. Nice clean way to stop hackers from poking at your
routers.

Regards,
Bill Herrin

On Tue, Jun 27, 2017 at 4:28 PM, Krunal Shah <KShah@primustel.ca> wrote:
> Hello,
>
> What subnet mask are you people using for point to point IPs between two
> ASes? Especially with IPv6, we have a transit provider who wants us to use
> /64, which does not make sense for this purpose. Isn’t it recommended to use
> /127 as per RFC 6164, like /30 and /31 are common for IPv4?
>
> I was thinking, if someone is using RFC7404 for point to point IP between
> two ASes and establish BGP over link local addresses. This way you have
> your own IP space on your router and transit provider does not have to
> allocate IP space for point to point interface between two ASes. In
> traceroutes you would see only loopback IP address with GUA assigned from
> your allocated routable address space. Remotely DDoS to this link isn’t
> possible this way. Thoughts?
>
> Krunal Shah
> Network Analyst, IP & Transport Network Engineering
> O: 416-855-1805
> kshah@primustel.ca
>
--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
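
Added example, not part of the original message: a sketch of the "Enhancements" idea above, carving /124, /126 or /127 link subnets out of one infrastructure /64 and modelling an ACL that admits packets addressed to that /64 only from listed source prefixes. The 2001:db8:0:ffff::/64 block, the function names and the ACL model are assumptions made for illustration.

```python
import ipaddress

# Constructed sample block from the IPv6 documentation prefix (not from the post).
INFRA_64 = ipaddress.ip_network("2001:db8:0:ffff::/64")


def allocate_links(infra, prefixlen, count):
    """Carve `count` point-to-point subnets of one size out of a single /64."""
    if infra.prefixlen != 64:
        raise ValueError("infrastructure block must be a /64")
    if prefixlen not in (124, 126, 127):
        raise ValueError("expected /124, /126 or /127")
    subnets = infra.subnets(new_prefix=prefixlen)  # lazy generator
    return [next(subnets) for _ in range(count)]


def link_endpoints(link):
    """Return the two router addresses on a link.

    A /127 uses both of its addresses; for /126 and /124 the all-zeros
    address (subnet-router anycast) is skipped, as with an IPv4 /30.
    """
    if link.prefixlen == 127:
        return link[0], link[1]
    return link[1], link[2]


def acl_permits(src, dst, infra, permitted_sources):
    """Assumed ACL model: packets to the infra /64 pass only from listed sources.

    Traffic that merely transits the router (destination outside the /64)
    is not affected by this rule.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst not in infra:
        return True
    return any(src in net for net in permitted_sources)


if __name__ == "__main__":
    for plen in (124, 126, 127):
        for link in allocate_links(INFRA_64, plen, 2):
            a, b = link_endpoints(link)
            print(f"{link}  local={a}  peer={b}")
    link = allocate_links(INFRA_64, 126, 2)[1]
    for src in ("2001:db8:0:ffff::6", "2001:db8:beef::1"):
        print(src, "->", link[1], acl_permits(src, link[1], INFRA_64, [link]))
```

Because every link subnet sits inside the one /64, a single destination prefix in the ACL covers all router interfaces, and only the per-link permit entries change from router to router.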