ipv6 next-hop link-local

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Sat Feb 19 13:32:35 CET 2011


On Sat, 19 Feb 2011 12:52:41 +0100
"S.P.Zeidler" <spz at serpens.de> wrote:

> Hi,
> 
> Thus wrote Mark Smith (nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org):
> 
> > On Sat, 19 Feb 2011 11:07:22 +0100
> > Gert Doering <gert at space.net> wrote:
> > 
> > > Of course one could run an exchange point on link-local addresses - but
> > > I have not ever seen one yet, and I do not think that the operational
> > > difficulties will outweigh the benefits.
> > >  (Which benefits, exactly?  
> [...]
> 
> > There's no real need for GTSM if link locals are used, and the threat of
> > SYN or similar control plane attacks from off-link sources disappears.
> 
> And you get exactly the same set of problems that you'd get if you ran a
> v4 exchange on private addresses.
> 

What problems are they? Bear in mind our discussion is specifically
whether to use link-locals or globals as eBGP next hops and session
end-points, and whether or not there are useful benefits. It is not
about whether only link-locals are used instead of global IPv6
addresses, rather than in parallel with them (link locals aren't a
choice anyway, they're there all the time in parallel with any other
configured addressing.) For example, traceroute and PMTUD across the IX
will still work because of the global IPv6 addresses.

> > > Gert Doering
> > >         -- NetMaster
> > > -- 
> > > did you enable IPv6 on something today...?
> >   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
> > 
> > I think the fact that you're putting that in your signature indicates
> > we really shouldn't be making judgements about what will be common IPv6
> > practice at this stage of IPv6 deployment.
> 
> It's unclear to me how you get from that signature to that conclusion.
> 

Just that if Gert feels he needs to question people in his email
signature, by default, as to whether they've enabled IPv6 or not, it
seems to me that is a sign that there isn't very much IPv6 operational
experience yet. So I don't think we have enough operational
history yet to be making judgements as to whether a feature like using
link-locals for BGP should be deprecated. At this time I think it would
be a premature decision.

> > I think most people will be
> > applying IPv4 thinking to IPv6 deployments, so they may not be aware
> > that link-locals can be used for this purpose. 5 to 10 years time might
> > be a better time to observe what is common practice.
> 
> "Common practice" doesn't need to equal "actually a good idea", especially
> if you have lots of people trying to apply solutions to another protocol's
> problems to a protocol that doesn't have them. :) Like jumping through
> hoops to preserve addresses by reflex.
> 

I agree with that. Habit and because other people are doing it that
way aren't always good strategies when the situation has changed.

Regards,
Mark.


More information about the ipv6-ops mailing list