Using /126 for IPv6 router links

Matt Addison maddison at lightbound.net
Mon Jan 25 10:33:04 CST 2010


> From: Mathias Seiler [mailto:mathias.seiler at mironet.ch]
> Subject: Re: Using /126 for IPv6 router links
> 
> Ok let's summarize:
> 
> /64:
> + 	Sticks to the way IPv6 was designed (64 bits host part)
> + 	Probability of renumbering very low
> + 	simpler for ACLs and the like
> + 	rDNS on a bit boundary
> 
> <> 	You can give your peers funny names, like 2001:db8::dead:beef ;)
> 
> - 	Prone to attacks (scans, router CPU load)
> - 	"Waste" of addresses
> - 	Peer address needs to be known, impossible to guess with 2^64
> addresses
> 
> 
> /126
> + 	Only 4 addresses possible (memorable, not so error-prone at
> configuration-time and while debugging)
> + 	Not prone to scan-like attacks
> 
> - 	Not on a bit boundary, so more complicated for ACLs and ...
> - 	... rDNS
> - 	Perhaps need to renumber into /64 some time.
> - 	No 64 bits for hosts

You're forgetting Matthew Petach's suggestion: reserve/assign a /64 for
each PtP link, but only configure the first /126 (or whatever /126 you
need to get an amusing peer address) on the link.

+ 	Sticks to the way IPv6 was designed (64 bits host part, even if
it isn't all configured)
+ 	Probability of renumbering very low
+ 	simpler for ACLs and the like
+ 	rDNS on a bit boundary
+ 	Only 4 addresses possible (memorable, not so error-prone at
configuration-time and while debugging)
+ 	Not prone to scan-like attacks
+	Easy to renumber into a /64 if you need to

- 	"Waste" of addresses

Seems to be a fairly good compromise, unless there's something I missed.

~Matt
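
The reserve-a-/64, configure-only-a-/126 scheme described in this message, worked through with Python's standard ipaddress module. This is an added example, not part of the original post; the parent prefix 2001:db8::/48, the helper names plan_ptp_link and on_link, and the choice of ::1 and ::2 as the two router ends are assumptions made for illustration.

```python
import ipaddress

def plan_ptp_link(parent: str, index: int) -> dict:
    """Reserve the index-th /64 of `parent` for one point-to-point link,
    but configure only its first /126 (hypothetical helper, not from the post)."""
    block = ipaddress.IPv6Network(parent)
    if block.prefixlen > 64:
        raise ValueError("parent prefix must be /64 or shorter")
    if not 0 <= index < 1 << (64 - block.prefixlen):
        raise ValueError("link index does not fit in the parent prefix")
    base = int(block.network_address) + (index << 64)
    reserved = ipaddress.IPv6Network((base, 64))     # used in ACLs and rDNS
    configured = ipaddress.IPv6Network((base, 126))  # what goes on the interfaces
    # Assumption: the two routers take ::1 and ::2 of the four addresses.
    side_a, side_b = configured[1], configured[2]
    # A /64 is exactly 16 nibbles, so the reverse zone is a clean delegation.
    nibbles = reserved.network_address.exploded.replace(":", "")[:16]
    rdns_zone = ".".join(reversed(nibbles)) + ".ip6.arpa"
    return {"reserved": reserved, "configured": configured,
            "side_a": side_a, "side_b": side_b, "rdns_zone": rdns_zone}

def on_link(plan: dict, address: str) -> bool:
    """True only for addresses inside the configured /126; the rest of the
    reserved /64 is not on-link."""
    return ipaddress.IPv6Address(address) in plan["configured"]

if __name__ == "__main__":
    plan = plan_ptp_link("2001:db8::/48", 5)   # constructed sample input
    for key, value in plan.items():
        print(f"{key:11} {value}")
    print("on-link addresses:", plan["configured"].num_addresses)
    print("2001:db8:0:5::dead:beef on-link?",
          on_link(plan, "2001:db8:0:5::dead:beef"))
    # Renumbering into the full /64 only changes the prefix length:
    print("after widening:", f"{plan['side_a']}/64", f"{plan['side_b']}/64")
```

The ACL entry and the ip6.arpa delegation are written against the reserved /64, so neither changes if the link is later widened from /126 to /64.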