IPv6 prefixes longer than /64: are they possible in DOCSIS networks?

Brzozowski, John John_Brzozowski at Cable.Comcast.com
Mon Nov 28 23:22:52 UTC 2011


On 11/28/11 6:13 PM, "Fred Baker" <fred at cisco.com> wrote:

>Basically, if the address used by a host is allocated using RFC
>3971/4861/4941, the host assumes a /64 from the router and concocts a 64
>bit EID as specified. If the address used by the host is allocated using
>DHCP/DHCPv6, it is the 128 bit number assigned by the DHCP server. I see
>no reason you couldn't use a /127 prefix if the link was point to point.
[jjmb] How would this address be assigned?  Statically?  Practically, I do
not see how this would be useful.  I do agree it is possible.
>
>As you note, there is significant deployment of ND, and insignificant
>deployment of DHCPv6. However, any network that is in control of all of
>its hosts should be able to specify the use of DHCPv6.
[jjmb] I do not agree about the insignificance of DHCPv6 deployment; ND
support is certainly greater.  Having control over hosts, i.e., an enterprise
environment, creates the opportunity to mandate DHCPv6; it does not always
mean it should be required.  Again this depends on the deployment scenario.

>
>On Nov 28, 2011, at 2:39 PM, Brzozowski, John wrote:
>
>> I mentioned this in an earlier reply.  CM vs CPE vs CPE router are all
>> different use cases.  From a CPE or CPE router point of view SLAAC will
>> likely not be used to provision devices, stateful DHCPv6 is required.
>> As such Vista/7 machines that are directly connected to cable modems will
>> receive an IPv6 address and configuration options via stateful DHCPv6.
>> The same now applies to OSX Lion.
>> 
>> 
>> I do agree that many host implementations have been built around /64
>> assumptions and departures from the same at this time will seemingly
>> introduce more problems than benefits.
>> 
>> John
>> 
>> On 11/28/11 5:00 PM, "Steven Bellovin" <smb at cs.columbia.edu> wrote:
>> 
>>> 
>>> On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:
>>> 
>>>> 
>>>> On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
>>>> 
>>>>> It's a good practice to reserve a 64-bit prefix for each network.
>>>>> That's a good general rule.  For point to point or link networks you
>>>>> can use something as small as a 126-bit prefix (we do).
>>>>> 
>>>> 
>>>> Technically, absent buggy {firm,soft}ware, you can use a /127. There's no
>>>> actual benefit to doing anything longer than a /64 unless you have
>>>> buggy *ware (ping pong attacks only work against buggy *ware),
>>>> and there can be some advantages to choosing addresses other than
>>>> ::1 and ::2 in some cases. If you're letting outside packets target your
>>>> point-to-point links, you have bigger problems than neighbor table
>>>> attacks. If not, then the neighbor table attack is a bit of a
>>>> red-herring.
>>>> 
>>> 
>>> The context is DOCSIS, i.e., primarily residential cable modem users, and
>>> the cable company ISPs do not want to spend time on customer care and
>>> hand-holding.  How are most v6 machines configured by default?  That is,
>>> what did Microsoft do for Windows Vista and Windows 7?  If they're set for
>>> stateless autoconfig, I strongly suspect that most ISPs will want to stick
>>> with that and hand out /64s to each network.  (That's apart from the larger
>>> question of why they should want to do anything else...)
>>> 
>>> 
>>> 		--Steve Bellovin, https://www.cs.columbia.edu/~smb
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>
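
The distinction drawn in the thread between stateless autoconfiguration (a 64-bit interface ID appended to a /64) and DHCPv6 (a full 128-bit address that only has to fall inside the link prefix), as an added Python example that is not part of the original messages. The 2001:db8:: prefixes, the MAC address and the function names are constructed for illustration, and the interface ID uses the modified EUI-64 method, which is only one of the ways a host may form it.

```python
import ipaddress


def slaac_eui64_address(prefix, mac):
    """Build a stateless-autoconfig address: /64 prefix + modified EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        # A 64-bit interface ID only fits next to a 64-bit prefix.
        raise ValueError("64-bit interface ID needs a /64, got /%d" % net.prefixlen)
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def dhcpv6_address_fits(prefix, assigned):
    """A DHCPv6 lease is a complete 128-bit address; check it is on the link."""
    return ipaddress.IPv6Address(assigned) in ipaddress.IPv6Network(prefix)


def on_link_address_count(prefix):
    """Addresses an off-link sender could aim at, i.e. potential neighbor entries."""
    return ipaddress.IPv6Network(prefix).num_addresses


if __name__ == "__main__":
    lan = "2001:db8:0:1::/64"        # constructed documentation prefix
    p2p = "2001:db8:0:ffff::/127"    # constructed point-to-point prefix
    mac = "00:1a:2b:3c:4d:5e"        # constructed MAC address

    print("SLAAC on /64 :", slaac_eui64_address(lan, mac))
    try:
        slaac_eui64_address(p2p, mac)
    except ValueError as exc:
        print("SLAAC on /127:", exc)
    print("DHCPv6/static ::1 fits /127:", dhcpv6_address_fits(p2p, "2001:db8:0:ffff::1"))
    for prefix in (lan, "2001:db8:0:fffe::/126", p2p):
        print(prefix, "->", on_link_address_count(prefix), "addresses")
```
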




