IPv6 prefixes longer than /64: are they possible in DOCSIS networks?

Dmitry Cherkasov doctorchd at gmail.com
Tue Nov 29 13:43:01 UTC 2011


And here is another useful resource:
http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf,
particularly chapter 6.1.3 Vulnerabilities in IPv6.


Dmitry Cherkasov



2011/11/29 Victor Kuarsingh <victor.kuarsingh at gmail.com>:
> Dmitry et al,
>
> I found Jeff's following comments to be quite insightful for general
> practices.
>
> http://www.networkcomputing.com/ipv6-tech-center/231600717
>
> http://www.networkcomputing.com/ipv6-tech-center/231700160
>
> As for using 127s on P2P links....
>
> He discussed reasoning behind using /64s, concerns related to "waste", ND
> exploits and
> other points as noted in RFC6164. - directed
>
> Regards,
>
> Victor K
>
> On 11-11-29 7:58 AM, "Dmitry Cherkasov" <doctorchd at gmail.com> wrote:
>
>>Thanks to everybody participating in the discussion.
>>I try to summarize.
>>
>>1) There is no obvious benefit of using longer prefixes than /64
>>in DOCSIS networks yet there are no definite objections to using them
>>except that it violates best practices and may lead to some problems
>>in the future
>>
>>2) DHCPv6 server can use any algorithm to generate interface ID part
>>of the address, and EUI-64 may be just one of them that can be useful
>>for keeping correspondence between MAC and IPv6 addresses. Yet if we
>>use EUI-64 we definitely need to use /64 prefix
>>
>>3) Using /64 networks poses a potential security threat related to
>>neighbor table overflow. This is a wide IPv6 problem and not related to
>>DOCSIS only
>>
>>There were also notes about address usage on link networks. Though
>>this was out of the scope of original question it is agreed that using
>>/64 is not reasonable here. BTW, RFC6164 (Using 127-Bit IPv6 Prefixes
>>on Inter-Router Links) can be mentioned here.
>>
>>
>>Dmitry Cherkasov
>>
>>
>>
>>2011/11/29 Dmitry Cherkasov <doctorchd at gmail.com>:
>>> Tore,
>>>
>>> To comply with this policy we delegate at least /64 to end-users
>>> gateways. But this policy does not cover the network between WAN
>>> interfaces of CPE and ISP access gateway.
>>>
>>> Dmitry Cherkasov
>>>
>>>
>>>
>>> 2011/11/29 Tore Anderson <tore.anderson at redpill-linpro.com>:
>>>> * Dmitry Cherkasov
>>>>
>>>>> I am determining technical requirements to IPv6 provisioning system
>>>>> for DOCSIS networks and I am deciding if it is worth to restrict user
>>>>> to use not less than /64 networks on cable interface. It is obvious
>>>>> that no true economy of IP addresses can be achieved with increasing
>>>>> prefix length above 64 bits.
>>>>
>>>> I am not familiar with DOCSIS networks, but I thought I'd note that in
>>>> order to comply with the RIPE policies, you must assign at least a /64
>>>> or shorter to each end user:
>>>>
>>>> http://www.ripe.net/ripe/docs/ripe-523#assignment_size
>>>>
>>>> --
>>>> Tore Anderson
>>>> Redpill Linpro AS - http://www.redpill-linpro.com
>>
>
>
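Point 2 of the summary above (EUI-64 interface IDs keep a MAC-to-address correspondence and require a /64) can be seen in the following added example, which is not code from the thread. The function names are hypothetical, and the 2001:db8::/32 documentation prefix and the MAC address are constructed sample values.

```python
import ipaddress

def mac_to_eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the address a provisioning system would hand out for this MAC."""
    net = ipaddress.IPv6Network(prefix)
    # The interface ID fills the low 64 bits, so a prefix longer than /64
    # would overlap it and the MAC could no longer be embedded intact.
    if net.prefixlen > 64:
        raise ValueError(f"{net} leaves fewer than 64 bits for the interface ID")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64_iid(mac))

def address_to_mac(addr: str):
    """Recover the MAC from an EUI-64 address; None if the IID is not EUI-64."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. a DHCPv6 server using some other IID algorithm
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    sample_mac = "00:11:22:33:44:55"          # constructed sample value
    addr = eui64_address("2001:db8:0:1::/64", sample_mac)
    print(addr, "->", address_to_mac(str(addr)))
    try:
        eui64_address("2001:db8:0:1::/96", sample_mac)
    except ValueError as exc:
        print("rejected:", exc)
```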



