IS-IS and IPv6 LLA next-hop - just Arista, or everyone?

Mark Tinka mark at tinka.africa
Tue May 4 16:20:58 UTC 2021



On 5/4/21 17:34, Saku Ytti wrote:

> I don't think you are, I read like an opinion piece so it's inherently
> not right or wrong. I don't have the same experience and I consider
> forcing LLA a blessing in limiting attack vectors and I personally
> don't see downsides as all addresses are gibbering to me, as my
> working memory contains very few digits. I wish ND had mandated LLA
> too, so many customer tickets due to poorly configured filters due to
> misunderstanding how ND works.

I agree - this may be one of those "six-and-half-a-dozen" scenarios.

When I had a smaller network there was meaning in what IPv4 addresses I 
assigned, i.e., I could look at them and figure out which port on which 
router. As I built larger networks, I suppose I had bigger problems than 
that, and relied on other tools to help me with reverse look-up (DNS, 
IPAM, an NMS, old notes that were probably half eaten by rats, etc.).

I really haven't bothered to look into the history that brought us here, 
but to me, LLA for an IGP makes sense. Would I have minded if it was 
GUA... probably not. But I'm pretty okay with where we are at as a 
community, in this respect.

Mark.

