IS-IS and IPv6 LLA next-hop - just Arista, or everyone?

Saku Ytti saku at ytti.fi
Tue May 4 15:34:19 UTC 2021


On Tue, 4 May 2021 at 18:28, Adam Thompson <athompson at merlin.mb.ca> wrote:

> I don't believe APIPA and Link-Local are precisely equivalent, but I agree it's the closest thing IPv4 has.  IS-IS/IPv4 would

Agreed, APIPA is using link-local, but they're not the same. APIPA is
an application or process which needs the use of link-local addresses.

> presumably use APIPA addresses if nothing else were assigned to the interface, based on my reading of the RFC.  I'm unsure what the RFC authors think should happen in a HELLO packet when the interface has multiple IPv4 addresses, but none of that is my problem here.

I doubt that it is implemented in such a way, but would be cute.

> I don't like LLAs because they are - intrinsically - meaningless.  In the context of my L3 core, I know that for any subnet, .1/::1 is such-and-such a router, .2/::2 is that one, .3/::3 is the other one, etc., etc.  (Yes, I have a very small & topologically simple L3 core.  Let's not talk about L2!)  When I look at my IPv4 routing table, I know which next-hop is which just by looking at it, and I can spot anomalies very easily.
>
> When I look at my IPv6 routing table, the next-hops are all... well... gibberish, at least to me.  My experience is that LLAs are not durable, so memorizing them is not IMHO a useful task.  Figuring out an (IS-IS) IPv6 route currently involves a couple of extra steps to locate the LLA's interface route, find the MAC address of that LLA on that link, and then identify the router from its MAC address.
>
> Am I missing something obvious?

I don't think you are; it reads like an opinion piece, so it's inherently
not right or wrong. I don't have the same experience and I consider
forcing LLA a blessing in limiting attack vectors and I personally
don't see downsides as all addresses are gibberish to me, as my
working memory contains very few digits. I wish ND had mandated LLA
too, so many customer tickets due to poorly configured filters due to
misunderstanding how ND works.

-- 
  ++ytti
