Questions on IPv6 deployment

joel jaeggli joelja at
Tue Jan 17 22:07:40 UTC 2017

On 1/17/17 1:55 PM, William Herrin wrote:
> On Tue, Jan 17, 2017 at 4:07 PM, Matthew Huff <mhuff at> wrote:
>> The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors.

if you mean allocating a /127, then... sure.

Neighbor discovery on point to point links could be a problem as is the
poential for looping behavior . There are of course ways other than
allocating a longer prefix to a point to point link to achieve that, 
e.g. disabling it. among other things You have to disable DAD anyway if
you ever plan to loop them up for testing.

these are detailed in
>> Hi Matthew,
>> I'm always interested in learning something new. Please explain the
>> DOS vectors you're referring to and how they're mitigated by
>> allocating a /64 to the point to point link.
>> Just do it.
> No. But if you offer a good reason, I'll factor your reason in to my
> considerations.
> Regards,
> Bill Herrin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the NANOG mailing list