subnet prefix length > 64 breaks IPv6?

Kevin Loch kloch at kl.net
Thu Dec 29 19:03:02 UTC 2011


Iljitsch van Beijnum wrote:
> On 24 Dec 2011, at 6:32 , Glen Kent wrote:
> 
>> I am trying to understand why standards say that "using a subnet
>> prefix length other than a /64 will break many features of IPv6,
>> including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND)
>> [RFC3971], .. " [reference RFC 5375]
> 
> For stateless autoconfig the issue is that it uses 64-bit "interface identifiers" (~ MAC addresses) that are supposed to be globally unique. You can't shave off bits and remain globally unique.
> 
> With SEND a cryptographic hash that can be used to determine address ownership is stored in the interface identifier. Here shaving off addresses reduces security.
> 
> Also somehow the rule that all normal address space must use 64-bit interface identifiers found its way into the specs for no reason that I have ever been able to uncover. On the other hand there's also the rule that IPv6 is classless and therefore routing on any prefix length must be supported, although for some implementations forwarding based on > /64 is somewhat less efficient.
> 

The 64 bit "mattress tag" is one of the cute historical quirks of IPv6.
Of course in practice we use all sorts of longer prefixes for the same
reasons we do in IPv4:  Loopback ips, Limiting the scope of
infrastructure links and server subnets, the many uses of more specific
static routes, null routes (including the very important /128 ddos
blackhole).

The good news is that vendors recognized the need to efficiently route
all 128 bits.  Is there any known platform that does not?  I'm starting
to think this is an ancient myth that keeps resurfacing.

- Kevin




More information about the NANOG mailing list