Point-to-point /64
Jeroen Massar
jeroen at massar.ch
Sat Jun 1 22:56:23 CEST 2013
On 2013-06-01 13:38, Arturo Servin wrote:
> Ole,
>
> I know!
>
> Basically I want to have the whole picture before I recommend or do not
> recommend using /64s in p2p links (or use them myself)
>
> /64s in p2p look very appealing for many reasons, but they have a
> counter argument in security. Is it possible to overcome?
>
> Perhaps the only solution is to avoid /64s in p2p links.

It really completely depends on what security threat you are trying
to 'protect' against. Except for using more space and giving the option
of using that space later on there is no real benefit between using a
/64 and configuring only 2x/128s or just configuring 2x/128.

One thing to keep in mind though is that quite some gear is optimized
up to the first /64 bits, and might use slower paths for longer prefixes,
thus if one is going to put a lot of /128s in a single /64, thus when
really stuffing all p2p links in a single /64 or so, it might hurt
performance on the gear being used. As such, do ask your vendor about
their limitations.

On 2013-06-01 13:49, cb.list6 wrote:
[..]
> I do /127 p2p
>
> Subnet anycast is not a supported feature or requirement in my network.

As subnet anycast is an integral part of IPv6, you might not want to
support or require it, but the gear will implement it and thus at one point
it will bite you as suddenly it won't work.

Likely though you are just putting the PtP links as 2x /128 and not as a
/127 on the link. The former works, the latter breaks.

Greets,
Jeroen