Point-to-point /64
Ole Troan
otroan at employees.org
Sun Jun 2 00:03:01 CEST 2013
On 1 Jun 2013, at 23:55, Jeroen Massar <jeroen at massar.ch> wrote:
> On 2013-06-01 14:01, Ole Troan wrote:
>>
>>
>> On 1 Jun 2013, at 22:56, Jeroen Massar <jeroen at massar.ch> wrote:
>>
>>> One thing to keep in mind though is that quite some gear is
>>> optimized up to the first /64 bits, and might use slower paths for
>>> longer prefixes, thus if one is going to put a lot of /128s in a
>>> single /64, thus when really stuffing all p2p links in a single /64
>>> or so, it might hurt performance on the gear being used. As such,
>>> do ask your vendor about their limitations.
>>
>> If you are talking about router to router links, then typically little
>> traffic is forwarded to any of the link addresses. This should
>> generally not be a concern.
>
> As the subject was about 'security', more in the rule of DoS/DDoS, the
> problem becomes that some miscreants target exactly those addresses
> because they are expected to not forward much....
>
> Indeed for normal operation it should be okay, but miscreants are
> getting smarter too...

In the case of /127 or /128 you'd always hit the router's host stack.

Ole