IPv6 Addressing Question
Brian E Carpenter
brian.e.carpenter at gmail.com
Sat Apr 6 12:42:33 CEST 2013
On 06/04/2013 11:30, Sander Steffann wrote:
> Hi Mike,
>
>> IPv6 routing protocols seem in some cases to exclusively use automatic link local addresses. Even for manual configuration, link locals deal with the ND exhaustion attack problem in the core quite nicely, while also simplifying address management.
>>
>> Are there practical reasons for global addresses on router interfaces?
>
> Pinging interface endpoints for debugging and monitoring, being able to see which interface is used in a traceroute, stuff like that. Routing protocols can work perfectly fine without global addresses, but netadmins have a harder time with just link locals :-) But true: it is something that I have tested in the lab, and it does reduce the attack surface of the network a bit.
To be explicit, using a link local completely breaks traceroute,
since ICMP replies sourced from a link local address must be
discarded by the next hop, according to RFC 4291 section 2.5.6.
Brian
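
The forwarding rule cited in the reply above can be modelled per hop. This is an added example, not part of the original thread: the sample path is constructed (2001:db8::/32 documentation prefix), and the source-address choice in `reply_source` is a simplifying assumption.

```python
import ipaddress

def reply_source(interface_addrs):
    """Pick the address a router sources its ICMPv6 error from.

    Assumption for this sketch: prefer a non-link-local address on the
    ingress interface, otherwise fall back to the link-local one.
    """
    addrs = [ipaddress.IPv6Address(a) for a in interface_addrs]
    routable = [a for a in addrs if not a.is_link_local]
    return (routable or addrs)[0]

def traceroute_view(path):
    """Return what the probing host sees per hop: an address or '*'.

    path[i] lists the addresses on the ingress interface of hop i+1.
    A reply from hop n has to be forwarded by n-1 routers, and RFC 4291
    section 2.5.6 forbids forwarding packets with a link-local source.
    Hop 1 shares a link with the prober, so its reply needs no forwarding.
    """
    seen = []
    for hop, iface in enumerate(path, start=1):
        src = reply_source(iface)
        forwards_needed = hop - 1
        if src.is_link_local and forwards_needed > 0:
            seen.append("*")  # reply discarded by the next router back
        else:
            seen.append(str(src))
    return seen

# Constructed sample path: hops 1, 2 and 4 are link-local only.
SAMPLE_PATH = [
    ["fe80::1"],
    ["fe80::2"],
    ["fe80::3", "2001:db8:0:3::1"],
    ["fe80::4"],
]

if __name__ == "__main__":
    for n, shown in enumerate(traceroute_view(SAMPLE_PATH), start=1):
        print(n, shown)
```

Only the on-link first hop and the hop with a global address show up; every other link-local-only hop appears as a timeout in this model.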