Using IPv6 with prefixes shorter than a /64 on a LAN

Mark Andrews marka at isc.org
Tue Jan 25 00:36:01 UTC 2011


In message <op.vpt734cxtfhldh at rbeam.xactional.com>, "Ricky Beam" writes:
> On Mon, 24 Jan 2011 15:53:32 -0500, Ray Soucy <rps at maine.edu> wrote:
> > Every time I see this question it's usually related to a fundamental
> > misunderstanding of IPv6 and the attempt to apply v4 logic to v6.
> 
> Not exactly.  If it's a point-to-point link, then there are *TWO* machines  
> on it -- one at each end; there will *always* be two machines on it.   
> There's no sane reason to assign 18 trillion addresses to it.  Yes, in this  
> respect it's like not wasting an IPv4 /24, but it's also The Right Tool  
> For The Job.(tm)  If one were to assign a /64 to every p-t-p link in the  
> world, IPv6 address space would be used at an insane rate. (and those  
> assignments aren't free.) Do people not remember the early days of IPv4  
> where /8's were handed out like Pez?
> 
> > That said.  Any size prefix will likely work and is even permitted by
> > the RFC.  You do run the risk of encountering applications that assume
> > a 64-bit prefix length, though.  And you're often crippling the
> > advantages of IPv6.
> 
> And such applications are *BROKEN*.  IPv6 is *classless* -- end of  
> discussion.
> 
> /64 (and /80 previous) is a lame optimization so really stupid devices can  
> find an address in 4 bytes of machine code.  This is quite lame given all  
> the other complex baggage IPv6 requires.
> 
> And then /64 is only required by SLAAC, which you are not required to use.
> 
> 
> > You should think of IPv6 as a 64-bit address that happens to include a
> > 64-bit host identifier.
> 
> No, you should not.  That undermines the fundamental concept of IPv6 being  
> *classless*.  And it will lead to idiots writing broken applications and  
> protocols assuming that to be true.
> 
> > Another thing to consider is that most processors today lack
> > operations for values that are larger than 64-bit.  By separating the
> > host and network segment at the 64-bit boundary you may be able to
> > take advantage of performance optimizations that make the distinction
> > between the two (and significantly reduce the cost of routing
> > decisions, contributing to lower latency).
> 
> IPv6 is classless; routers cannot blindly make that assumption for  
> "performance optimization".
> 
> > Many cite concerns of potential DoS attacks by doing sweeps of IPv6
> > networks.  I don't think this will be a common or wide-spread problem.
> 
> Myopia doesn't make the problem go away.  The point of such an attack is  
> not to "find things", but to overload the router(s). (which can be done  
> rather easily by a few dozen machines.)
> 
> --Ricky

There will be two machines but not necessarily 2 addresses.  For
inter router links there will usually only be the two addresses.
For point to point links to general purpose machines you should
expect multiple addresses on at least one end.

Even routers can use CGAs.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



