Questions on IPv6 deployment

Owen DeLong owen at delong.com
Tue Jan 17 21:12:06 UTC 2017


I think you mean /127 since a /128 would not support 2 points on the point to point.

Owen

> On Jan 17, 2017, at 13:07 , Matthew Huff <mhuff at ox.com> wrote:
> 
> The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors. Just do it. The numbers in IPv6 are staggering. The generally accepted best practice is to allocate a /64 and use a /128 within that /64 for point to point links.
> 
> ----
> Matthew Huff             | 1 Manhattanville Rd
> Director of Operations   | Purchase, NY 10577
> OTA Management LLC       | Phone: 914-460-4039
> aim: matthewbhuff        | Fax:   914-694-5669
> 
> 
>> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of William
>> Herrin
>> Sent: Tuesday, January 17, 2017 4:02 PM
>> To: Michael Still <stillwaxin at gmail.com>
>> Cc: nanog at nanog.org
>> Subject: Re: Questions on IPv6 deployment
>> 
>> On Tue, Jan 17, 2017 at 12:48 PM, Michael Still <stillwaxin at gmail.com>
>> wrote:
>>> http://nabcop.org/index.php/IPv6_Subnetting
>> 
>> That's overall good advice. I quibble with a couple of points:
>> 
>> 1. If you plan to use a /126 on a point to point and can't imagine how
>> you would use a /64 on that point to point, don't allocate a /64. Odds
>> are that by the time you can imagine some way to use a /64 there, the
>> details will require you to assign a new block anyway.
>> 
>> Why be concerned about resource consumption? Because it's a good
>> habit. Don't overdo it, IPv6 is not resource constrained the way IPv4
>> is, but shrewd use of available resources is a good habit even when
>> resources are plentiful.
>> 
>> 2. Make all your point to points /124. That will work for all your
>> point to points. Serial or ethernet. Even the ethernets which have two
>> high-availability routers on both ends along with the failover address
>> needing a total of 6 IPs plus 1 for your troubleshooting laptop.
>> Configuring /124 every time allows you to standardize your
>> configuration, the same way /64 standardizes the netmask on a LAN
>> deployment.
>> 
>> 
>> 
>> One additional point not brought up:
>> 
>> Minimum assignment to a customer: /60. Never ever /64 or /128. How
>> much more than a /60 you choose as your minimum is up to you. Common
>> choices are /56 and /48. But never, ever less than a /60.   Your
>> customer will want to deploy a /64 to each LAN. And there are so many
>> cases where he'll want to deploy more than one LAN.
>> 
>> I've noticed a lot of hosting providers getting this wrong. Some of
>> your customers do create VPNs on their VPC you know.
>> 
>> Regards,
>> Bill Herrin
>> 
>> 
>> --
>> William Herrin ................ herrin at dirtside.com  bill at herrin.us
>> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>




More information about the NANOG mailing list