subnet prefix length > 64 breaks IPv6?

Sven Olaf Kamphuis sven at cb3rob.net
Sat Dec 24 15:44:41 UTC 2011


things that -do- break on ipv6 a lot (not nessesarily related to the /64 
thing) are premature protocols like ospf6 and ripng that for some magic 
reason refuse to work on point-to-point (as opposed to putting the 
interface in broadcast mode, like ethernet) interfaces without 
(additional) link-local addresses, despite the option to clearly specify 
the interface and/or address of the peer and/or address ranges they should 
work on (these do not nessesarily have to be /64, but they do need to be 
scope link local and start with a multicast prefix).

also various bgp implementations will send the autoconfigure crap ip as 
the next-hop instead of the session ip, resulting in all kinds of crap in 
your route table (if not fixed with nasty hacks on your end ;) which 
doesn't exactly make it easy to figure out which one belongs to which peer
all the more reason not to use that autoconfigure crap ;)

on the whole, ipv6 simply still needs a -lot- of work.

for those that do want autoconfigure (workstations?) , a proper dhcp 
implementation would be preferred over keeping that RA stuff around in 
future implementations of the v6 stack, as far as we're concerned, it can 
go the way of the dinosaur (already ;)

On Sat, 24 Dec 2011, Sven Olaf Kamphuis wrote:

> it only breaks the auto configure crap which you don't want to use anyway.
>
> (unless you want to have any computer on your network be able to tell any 
> other computer "oh hai i'm a router, please route all your packets through me 
> so i can intercept them" and/or flood its route table ;)
>
> we use all kinds of things from /126'es to /112 (but hardly any /64 crap)
>
> works perfectly fine.
>
> as long as its nibble aligned (for other reasons ;)
>
> -- 
> Greetings,
>
> Sven Olaf Kamphuis,
> CB3ROB Ltd. & Co. KG
> =========================================================================
> Address: Koloniestrasse 34         VAT Tax ID:      DE267268209
>         D-13359                   Registration:    HRA 42834 B
>         BERLIN                    Phone:           +31/(0)87-8747479
>         Germany                   GSM:             +49/(0)152-26410799
> RIPE:    CBSK1-RIPE                e-Mail:          sven at cb3rob.net
> =========================================================================
> <penpen> C3P0, der elektrische Westerwelle
> http://www.facebook.com/cb3rob
> =========================================================================
>
> Confidential: Please be advised that the information contained in this
> email message, including all attached documents or files, is privileged
> and confidential and is intended only for the use of the individual or
> individuals addressed. Any other use, dissemination, distribution or
> copying of this communication is strictly prohibited.
>
>
> On Sat, 24 Dec 2011, Glen Kent wrote:
>
>> Hi,
>> 
>> I am trying to understand why standards say that "using a subnet
>> prefix length other than a /64 will break many features of IPv6,
>> including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND)
>> [RFC3971], .. " [reference RFC 5375]
>> 
>> Or "A number of other features currently in development, or being
>> proposed, also rely on /64 subnet prefixes."
>> 
>> Is it because the 128 bits are divided into two 64 bit halves, where
>> the latter identifies an Interface ID which is uniquely derived from
>> the 48bit MAC address.
>> 
>> I am not sure if this is the reason as this only applies to the link
>> local IP address. One could still assign a global IPv6 address. So,
>> why does basic IPv6 (ND process, etc) break if i use a netmask of say
>> /120?
>> 
>> I know that several operators use /120 as a /64 can be quite risky in
>> terms of ND attacks. So, how does that work? I tried googling but
>> couldnt find any references that explain how IPv6 breaks with using a
>> netmask other than 64.
>> 
>> Glen
>> 
>




More information about the NANOG mailing list