Using /126 for IPv6 router links
Matt Addison
maddison at lightbound.net
Mon Jan 25 16:33:04 UTC 2010
> From: Mathias Seiler [mailto:mathias.seiler at mironet.ch]
> Subject: Re: Using /126 for IPv6 router links
>
> Ok let's summarize:
>
> /64:
> + Sticks to the way IPv6 was designed (64 bits host part)
> + Probability of renumbering very low
> + simpler for ACLs and the like
> + rDNS on a bit boundary
>
> <> You can give your peers funny names, like 2001:db8::dead:beef ;)
>
> - Prone to attacks (scans, router CPU load)
> - "Waste" of addresses
> - Peer address needs to be known, impossible to guess with 2^64
> addresses
>
>
> /126
> + Only 4 addresses possible (memorable, not so error-prone at
> configuration-time and while debugging)
> + Not prone to scan-like attacks
>
> - Not on a bit boundary, so more complicated for ACLs and ...
> - ... rDNS
> - Perhaps need to renumber into /64 some time.
> - No 64 bits for hosts

You're forgetting Matthew Petach's suggestion: reserve/assign a /64 for
each PtP link, but only configure the first /126 (or whatever /126 you
need to get an amusing peer address) on the link.

+ Sticks to the way IPv6 was designed (64 bits host part - even if it isn't all configured)
+ Probability of renumbering very low
+ simpler for ACLs and the like
+ rDNS on a bit boundary
+ Only 4 addresses possible (memorable, not so error-prone at configuration-time and while debugging)
+ Not prone to scan-like attacks
+ Easy to renumber into a /64 if you need to

- "Waste" of addresses

Seems to be a fairly good compromise, unless there's something I missed.

~Matt
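
The compromise described in this message, worked through as an added example that is not part of the original post: reserve a /64 per point-to-point link, configure only its first /126, and keep ACLs and the rDNS zone on the /64. The parent prefix (the 2001:db8::/32 documentation range), the link names, and the choice of ::1 and ::2 as endpoints are assumptions.

```python
import ipaddress

def rdns_zone(net):
    """ip6.arpa zone name for a prefix that ends on a nibble (4-bit) boundary."""
    if net.prefixlen % 4:
        raise ValueError(f"{net} does not end on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def plan_ptp_links(parent, link_names):
    """Reserve one /64 per link from `parent`, configure only its first /126."""
    pool = ipaddress.ip_network(parent).subnets(new_prefix=64)
    plan = {}
    for name, reserved in zip(link_names, pool):
        configured = next(reserved.subnets(new_prefix=126))
        plan[name] = {
            "reserved": reserved,      # what ACLs and the rDNS zone refer to
            "configured": configured,  # what actually goes on the interfaces
            # Assumption: use ::1 and ::2, leaving ::0 and ::3 unused.
            "endpoints": (configured[1], configured[2]),
            "rdns_zone": rdns_zone(reserved),
        }
    return plan

if __name__ == "__main__":
    # Constructed sample: documentation prefix and made-up link names.
    links = plan_ptp_links("2001:db8::/48", ["core1-core2", "core1-edge1"])
    for name, link in links.items():
        a, b = link["endpoints"]
        print(f"{name}: reserve {link['reserved']}, configure {a}/126 <-> {b}/126")
        print(f"  ACL prefix {link['reserved']}, rDNS zone {link['rdns_zone']}")
        # Widening the link to the reserved /64 later keeps both addresses valid.
        assert a in link["reserved"] and b in link["reserved"]
```

Calling `rdns_zone()` on the /126 itself raises `ValueError`, which is the "not on a bit boundary" drawback from the quoted summary; delegating on the reserved /64 avoids it.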