IPv6 network policies
Steve Bertrand
steve at ibctech.ca
Sat Apr 10 03:26:16 CEST 2010
On 2010.04.09 20:06, David Freedman wrote:
>> Might I ask what you use for auditing? Does what you use for auditing
>> work against/with the likes of a RANCID setup as opposed to polling the
>> gear? iow, our auditing is limited to the op ensuring its done, and if
>> not, someone catching in the RANCID change log that it wasn't done. ie.
>> not yet automated.
>
> Well, for us it is a simple set of scripts, each of which run periodically
> on the archived configs (i.e rancid) and produce reports on stuff which
> would normally cause engineers to raise an eyebrow, mailing them out for
> review.
Ok. That is trivial enough.
>> This is why I was curious about how these /12xs were being assigned.
>>
>> From one specific block for the entire network, or in the same tradition
>> as /30s are used (ie. steal from a delegation)?
>
> We have a /64 for /126s, we only encourage use of these between routers
> (router to host we like to make as resilient as possible), we don't reserve
> anything more for a /126, if we need to expand the subnet then we move to a
> brand new /64.
I guess this is what I was after.
Correct me if I'm wrong, but what I hear you saying is that you have a
single /64 reserved for the use of /126s across your entire network. Is
that right?
Steve
More information about the ipv6-ops
mailing list