Using IPv6 with prefixes shorter than a /64 on a LAN
jfbeam at gmail.com
Mon Jan 24 18:10:42 CST 2011
On Mon, 24 Jan 2011 15:53:32 -0500, Ray Soucy <rps at maine.edu> wrote:
> Every time I see this question it' usually related to a fundamental
> misunderstanding of IPv6 and the attempt to apply v4 logic to v6.
Not exactly. If it's a point-to-point link, then there are *TWO* machines
on it -- one at each end; there will *always* be two machines on it.
There's no sane reason to assign 18trillion addresses to it. Yes, in this
respect it's like not wasting an IPv4 /24, but it's also The Right Tool
For The Job.(tm) If one were to assign a /64 to every p-t-p link in the
world, IPv6 address space would be used at an insane rate. (and those
assignments aren't free.) Do people not remember the early days of IPv4
where /8's were handed out like Pez?
> That said. Any size prefix will likely work and is even permitted by
> the RFC. You do run the risk of encountering applications that assume
> a 64-bit prefix length, though. And you're often crippling the
> advantages of IPv6.
And such applications are *BROKEN*. IPv6 is *classless* -- end of
/64 (and /80 previous) is a lame optimization so really stupid devices can
find an address in 4 bytes of machine code. This is quite lame given all
the other complex baggage IPv6 requires.
And then /64 is only required by SLAAC, which you are not required to use.
> You should think of IPv6 as a 64-bit address that happens to include a
> 64-bit host identifier.
No, you should not. That underminds the fundamental concept of IPv6 being
*classless*. And it will lead to idiots writing broken applications and
protocols assuming that to be true.
> Another thing to consider is that most processors today lack
> operations for values that are larger than 64-bit. By separating the
> host and network segment at the 64-bit boundary you may be able to
> take advantage of performance optimizations that make the distinction
> between the two (and significantly reduce the cost of routing
> decisions, contributing to lower latency).
IPv6 is classless; routers cannot blindly make that assumption for
> Many cite concerns of potential DoS attacks by doing sweeps of IPv6
> networks. I don't think this will be a common or wide-spread problem.
Myopia doesn't make the problem go away. The point of such an attack is
not to "find things", but to overload the router(s). (which can be done
rather easily by a few dozen machines.)
More information about the NANOG