IPv6 network policies
David Freedman
david.freedman at uk.clara.net
Sat Apr 10 02:06:54 CEST 2010
>
> Might I ask what you use for auditing? Does what you use for auditing
> work against/with the likes of a RANCID setup as opposed to polling the
> gear? iow, our auditing is limited to the op ensuring its done, and if
> not, someone catching in the RANCID change log that it wasn't done. ie.
> not yet automated.
Well, for us it is a simple set of scripts, each of which run periodically
on the archived configs (i.e rancid) and produce reports on stuff which
would normally cause engineers to raise an eyebrow, mailing them out for
review.
> Ok. That works. I use /30. I'm more considerate to /126 (/30) than I am
> to the other.
I see this just like the OSPF(v3) vs IS-IS argument, do what you feel most
comfortable with. Our scheme is based on "least confusion principle", i.e
/126 for p2p and /64 for anything larger, introducing stuff in the middle
adds confusion and tends to either slow people down or induce greater
amounts of human error (and yes, human error is always present as we know ,
despite modern automated provisioning systems!)
>
> This is why I was curious about how these /12xs were being assigned.
>
> From one specific block for the entire network, or in the same tradition
> as /30s are used (ie. steal from a delegation)?
We have a /64 for /126s, we only encourage use of these between routers
(router to host we like to make as resilient as possible), we don't reserve
anything more for a /126, if we need to expand the subnet then we move to a
brand new /64.
Dave.
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
More information about the ipv6-ops
mailing list