Point-to-point /64

Jeroen Massar jeroen at massar.ch
Sat Jun 1 19:46:21 CEST 2013


On 2013-06-01 10:41, Arturo Servin wrote:
[..]
>> If you are protecting against something scanning the rest of the /64
>> where for instance only ::1 and ::2 are configured, you have two options:
>>  - actually use /128 routes
> 
> What do you mean about /128 routes?

You configure 2001:db8:abcd:1234::1/128 on A, and then configure
2001:db8:abcd:1234::2/128 on B.

On A you route 2001:db8:abcd:1234::2/128 to the PtP interface,
on B you route 2001:db8:abcd:1234::1/128 to the PtP interface.

True Point-To-Point, with room to grow. Note that using a /127 might
seem logical, it does not work due to the subnet-anycast address.

Indeed, you 'lose' the rest of the /64, but when the time comes that you
convert it to a multi-point link one can just add extra /128s in there.

Greets,
 Jeroen




More information about the ipv6-ops mailing list