Subnetting Practices

Iljitsch van Beijnum iljitsch at muada.com
Sun Jul 15 12:00:13 CEST 2007


On 14-jul-2007, at 19:48, Roland Dobbins wrote:

>> This seems kind of wasteful to me, so if anyone out there can  
>> clarify why, I'd appreciate it.

> Not only is it wasteful, but it's a security risk, as it  
> essentially turns one's router into a sinkhole for any type of  
> scanning activity or DDoS crafted to exploit this inexplicable  
> practice, IMHO.

What are you talking about???

There are tons of options for point-to-point subnetting with IPv6:

- do nothing: routing protocols use link local addresses anyway,  
global addresses are borrowed from another interface automatically  
for ICMP etc
- do "ipv6 unnumbered" on Cisco, explicitly borrow an address from  
elsewhere
- /127: not a good idea, the all-zeros address is supposed to be the  
any router anycast address although this is not widely implemented  
_today_
- /126: works, although the top 128 addresses are reserved for  
anycast stuff
- /120: no clashes with top 128 anycast addresses
- /112: subnet on nice colon boundary
- /64: mandated by RFC 3513 (for no explicable reason) and you get to  
use EUI-64 addressing

I really like EUI-64 addressing because that way, you can simply say:

  ipv6 address 2001:dead:beef::/64 eui-64

in ALL your router configs rather than have to remember that router X  
has the ::1 address and router Y the ::2 address.

I also like to put the decimal-encoded-as-hex (i.e., 1024 decimal  
becomes 1024 hex) VLAN ID in the subnet bits, to reduce the amount of  
thinking about the internal addressing that's required even further.
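
Added example, not part of the original message: a Python sketch of the address arithmetic the post describes, covering the modified EUI-64 address a router derives from "ipv6 address <prefix> eui-64", the VLAN ID written as hex digits in the subnet bits, and how many addresses in a longer-than-/64 prefix avoid the all-zeros and top-128 anycast addresses the list mentions. The function names, the MAC address and the 2001:db8:1::/48 site prefix are assumptions made for illustration.

```python
import ipaddress

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address derived from a /64 and a 48-bit MAC using modified EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    # Insert ff:fe between the two MAC halves and flip the universal/local bit.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def vlan_subnet(site_prefix: str, vlan_id: int) -> ipaddress.IPv6Network:
    """Put the VLAN ID, read as hex digits (1024 -> 0x1024), in the subnet bits."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen != 48:
        raise ValueError("this sketch assumes a /48, i.e. 16 subnet bits")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    subnet_bits = int(str(vlan_id), 16)  # decimal digits reinterpreted as hex
    base = int(site.network_address) | (subnet_bits << 64)
    return ipaddress.IPv6Network((base, 64))

def non_clashing_hosts(prefix: str) -> int:
    """Addresses left once the all-zeros address and the top 128 are set aside.

    Follows the post's description and is meant for prefixes longer than /64.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen <= 64:
        raise ValueError("intended for prefixes longer than /64")
    top = min(128, net.num_addresses)
    # The all-zeros address only counts separately if it is outside the top 128.
    zero = 1 if net.num_addresses > top else 0
    return net.num_addresses - top - zero

if __name__ == "__main__":
    # Constructed inputs: the MAC and the /48 are sample values.
    print(eui64_address("2001:dead:beef::/64", "00:11:22:33:44:55"))
    print(vlan_subnet("2001:db8:1::/48", 1024))
    for plen in (127, 126, 120, 112):
        print(f"/{plen}:", non_clashing_hosts(f"2001:db8:1:1024::/{plen}"))
```
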



More information about the ipv6-ops mailing list