Questions on IPv6 deployment

joel jaeggli joelja at bogus.com
Tue Jan 17 22:07:40 UTC 2017


On 1/17/17 1:55 PM, William Herrin wrote:
> On Tue, Jan 17, 2017 at 4:07 PM, Matthew Huff <mhuff at ox.com> wrote:
>> The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors.


if you mean allocating a /127, then... sure.

Neighbor discovery on point to point links could be a problem as is the
potential for looping behavior. There are of course ways other than
allocating a longer prefix to a point to point link to achieve that,
e.g. disabling it. Among other things, you have to disable DAD anyway if
you ever plan to loop them up for testing.

these are detailed in

https://tools.ietf.org/html/rfc6164
>> Hi Matthew,
>>
>> I'm always interested in learning something new. Please explain the
>> DOS vectors you're referring to and how they're mitigated by
>> allocating a /64 to the point to point link.
>>
>>
>> Just do it.
> No. But if you offer a good reason, I'll factor your reason in to my
> considerations.
>
> Regards,
> Bill Herrin
>

