Subnetting Practices

Roland Dobbins rdobbins at cisco.com
Mon Jul 16 23:52:50 CEST 2007


On Jul 16, 2007, at 2:11 PM, Iljitsch van Beijnum wrote:

> You mean like an ARP storm?

Not just that kind of thing with ND - if folks redistribute  
connected, it then becomes a layer-3-reachable sinkhole for a wide  
swath of address space.  Host-scanning, aggressive network worm  
propagation (you never know when some idiot will make a mistake like  
with SQL Slammer, or do it purposely), crafted DDoS, etc.

> Obviously people are going to use /64 subnets in IPv4 for non-p2p  
> subnets, and although those will have more addresses used, they'll  
> still be populated extremely sparsely, so IPv6 routers need to be  
> able to handle this kind of abuse anyway, so what it is you're  
> using on a p2p subnet shouldn't matter.

See above, it makes things worse.

> (And I doubt anyone is implementing neighbor discovery in hardware...)

By definition, certainly not on software-based platforms, heh.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

        Culture eats strategy for breakfast.

                -- Ford Motor Company
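
Added example, not part of the original message or thread: a small Python model of a router's neighbor cache, showing why a sparsely populated /64 on a point-to-point link is worse under a sweep of the prefix than a prefix sized to the two endpoints. The /126 comparison prefix, the 512-entry cache, the LRU eviction policy and all addresses are assumptions constructed for illustration; real ND implementations differ in timers and limits.

```python
import ipaddress
from collections import OrderedDict

# Constructed sample data (documentation prefix 2001:db8::/32).
HOSTS = ["2001:db8:0:1::1", "2001:db8:0:1::2"]   # the two p2p endpoints
BASE = int(ipaddress.ip_address("2001:db8:0:1::"))
# Sweep of destinations inside the /64 that no host actually uses.
PROBES = [str(ipaddress.ip_address(BASE + 0x100 + i)) for i in range(2000)]


def simulate(prefix, hosts, probes, cache_size=512):
    """Model the neighbor cache for one connected prefix.

    Returns (incomplete, evicted_hosts): unresolved entries left in the
    cache, and how many real neighbors were pushed out to make room.
    """
    net = ipaddress.ip_network(prefix)
    live = {ipaddress.ip_address(h) for h in hosts}
    cache = OrderedDict((h, "REACHABLE") for h in live)  # oldest first
    evicted = set()
    for dst in map(ipaddress.ip_address, probes):
        if dst not in net:
            continue  # not on-link: no neighbor solicitation, no entry
        if dst in cache:
            cache.move_to_end(dst)  # refresh an existing entry
            continue
        # On-link and unknown: the router must try to resolve it.
        cache[dst] = "REACHABLE" if dst in live else "INCOMPLETE"
        if len(cache) > cache_size:
            old, _state = cache.popitem(last=False)  # assumed LRU eviction
            if old in live:
                evicted.add(old)
    incomplete = sum(1 for s in cache.values() if s == "INCOMPLETE")
    return incomplete, len(evicted)


if __name__ == "__main__":
    for prefix in ("2001:db8:0:1::/64", "2001:db8:0:1::/126"):
        inc, lost = simulate(prefix, HOSTS, PROBES)
        print(f"{prefix}: {inc} INCOMPLETE entries, {lost} real neighbors evicted")
```

In this model the /64 ends with the cache full of unresolved entries and both real neighbors evicted, while the /126 never creates an entry for the swept addresses because they are not on-link.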
