IPv6 Default Allocation - What size allocation are you giving out

William Herrin bill at herrin.us
Thu Oct 9 17:40:48 UTC 2014


On Thu, Oct 9, 2014 at 12:29 PM, Richard Hicks <richard.hicks at gmail.com> wrote:
> Sixty replies and no one linked to the BCOP?
> Is there a reason we are ignoring it?

Hi Richard,

It's dated (a *lot* about IPv6 has changed since 2011) and we've
learned enough to know some of the things in there are dubious. For
example:

"Regardless of the number of hosts on an individual LAN or WAN
segment, every multi-access network (non-point-to-point) requires at
least one /64 prefix."

But using /64s on WAN links invites needless problems with neighbor
discovery when an attacker decides to send one ping each to half a
million addresses all of which happen to land on that WAN link. WAN
links should really use something whose size is much closer to the
number of routers on the link, in the same order of magnitude anyway.
So /64s for LANs, sure, but size the WAN links small to make them less
vulnerable to attack.

And:

"Only subnet on nibble boundaries" is not reasonable. When I need two
LANs in a building I should burn 14 more to get to a nibble boundary?
Really?

"Only delegate on nibble boundaries" is a more reasonable statement.
When you assign addresses to your customer or to a different internal
team's control, THAT should be on a nibble boundary for the customer's
convenience understanding the written-down version of what network is
theirs and for your convenience when it comes time to delegate reverse
DNS.

Inside your network under control of the same engineers, subnet and
route just as you would with IPv4.

Regards,
Bill Herrin



-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
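
An added example, not part of the original message: a Python sketch of the two sizing points made above, showing how many ip6.arpa zones a delegation needs on and off a nibble boundary, and how many addresses on a WAN link have no router behind them. The 2001:db8::/32 documentation prefixes and the function names are constructed for illustration, and the WAN count ignores reserved addresses.

```python
import ipaddress

def reverse_zones(prefix):
    """ip6.arpa zones needed to delegate reverse DNS for `prefix`."""
    net = ipaddress.ip_network(prefix)
    # ip6.arpa has one label per nibble, so a zone cut can only fall on a
    # multiple of 4 bits: round the prefix length up to the next nibble.
    aligned_len = -(-net.prefixlen // 4) * 4
    nibbles = aligned_len // 4
    zones = []
    for sub in net.subnets(new_prefix=aligned_len):
        digits = sub.network_address.exploded.replace(":", "")[:nibbles]
        zones.append(".".join(reversed(digits)) + ".ip6.arpa")
    return zones

def smallest_wan_prefix(routers):
    """Longest prefix length that still holds `routers` addresses."""
    return 128 - max(routers - 1, 0).bit_length()

def wan_link_exposure(prefix, routers):
    """Addresses on the link that no router owns. Each one a packet is sent
    to can cost the attached routers a neighbor discovery attempt."""
    return ipaddress.ip_network(prefix).num_addresses - routers

if __name__ == "__main__":
    # Constructed sample delegations: one on a nibble boundary, one not.
    for p in ("2001:db8:1200::/40", "2001:db8:1200::/41"):
        zones = reverse_zones(p)
        print(f"{p}: {len(zones)} zone(s), first {zones[0]}")
    # Constructed sample WAN link with two routers on it.
    for p in ("2001:db8:0:1::/64", f"2001:db8:0:1::/{smallest_wan_prefix(2)}"):
        print(f"{p}: {wan_link_exposure(p, 2)} unowned addresses")
```

The /40 maps to a single zone while the /41 needs eight, which is the reverse DNS convenience the message refers to; the /64 WAN link leaves 2**64 - 2 unowned addresses where the /127 leaves none.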


