Point-to-point /64
Wade Roberts
ipv6-ops at acquired-taste.net
Sun Jun 2 09:05:16 CEST 2013
My preferred method of implementing point to point links is allocate a /64 to the link, then configure a /127 on the interfaces and null route the /64 on the devices. This leaves the rest of your IGP to only have to deal with /64 and smaller masks, which is likely to be more optimal.
If you're dealing with ancient code which is affected by the Subnet-Anycast address issue, you could get away with configuring a /126 on the interfaces and null routing the redundant /128s.
If you're seriously concerned about relying on the specified routers to handle wayward or malicious packets from hostile networks, you could easily mirror the sinkhole closer to the border.
--
Wade
On 2013-06-02, at 0:04, Arturo Servin <arturo.servin at gmail.com> wrote:
> Hi,
>
> I would like to ask which measures is people taking to protect p-2-p
> links that are configured with a /64. So far I imagine things like
> rate-limiting, ACLs, etc. But still that is a bit abstract of what to do
> in a router.
>
> If you have some configuration examples it would be great (Cisco,
> juniper would be fine, we have both).
>
> Regards,
> as
More information about the ipv6-ops
mailing list