IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Nov 29 10:28:57 CST 2011


On Tue, 29 Nov 2011 03:23:04 EST, Jeff Wheeler said:
> On Tue, Nov 29, 2011 at 1:43 AM,  <Valdis.Kletnieks at vt.edu> wrote:
> > It's worked for us since 1997. We've had bigger problems with IPv4 worms
>
> That's not a reason to deny that the problem exists.  It's even
> fixable.  I'd prefer that vendors fixed it *before* there were massive
> botnet armies with IPv6 connectivity, but in case they don't, I do not
> deploy /64.

Umm.. Jeff? I never *tried* to deny the problem exists.  But if you have an
eyeball-heavy network, it's hard to not deploy /64s (currently, we do SLAAC to
get the basic config, and DNS/etc is still via dhcp4/IPv4).  We just see the
business danger of waiting to start deploying IPv6 till the vendors are perfect
as being a bigger danger than the ND exhaustion issue. (How many years did we
go with ARP and DHCP spoofing being well-known issues before vendors fixed
that?  Yeah, exactly.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20111129/5d398ff2/attachment-0001.bin>


More information about the NANOG mailing list