IS-IS and IPv6 LLA next-hop - just Arista, or everyone?
mark at tinka.africa
Tue May 4 16:20:58 UTC 2021
On 5/4/21 17:34, Saku Ytti wrote:
> I don't think you are, I read like an opinion piece so it's inherently
> not right or wrong. I don't have the same experience and I consider
> forcing LLA a blessing in limiting attack vectors and I personally
> don't see downsides as all addresses are gibbering to me, as my
> working memory contains very few digits. I wish ND had mandated LLA
> too, so many customer tickets due to poorly configured filters due to
> misunderstanding how ND works.

I agree - this may be one of those "six-and-half-a-dozen" scenarios.

When I had a smaller network there was meaning in what IPv4 addresses I
assigned, i.e., I could look at them and figure out which port on which
router. As I built larger networks, I suppose I had bigger problems than
that, and relied on other tools to help me with reverse look-up (DNS,
IPAM, an NMS, old notes that were probably half eaten by rats, etc.).

I really haven't bothered to look into the history that brought us here,
but to me, LLA for an IGP makes sense. Would I have minded if it was
GUA... probably not. But I'm pretty okay with where we are at as a
community, in this respect.
More information about the NANOG