nanog mailing list archives
Re: Using /126 for IPv6 router links
From: Matthew Petach <mpetach () netflight com>
Date: Mon, 25 Jan 2010 01:14:17 -0800
On Sat, Jan 23, 2010 at 4:52 AM, Mathias Seiler <mathias.seiler () mironet ch> wrote:
Hi In reference to the discussion about /31 for router links, I d'like to know what is your experience with IPv6 in this regard. I use a /126 if possible but have also configured one /64 just for the link between two routers. This works great but when I think that I'm wasting 2^64 - 2 addresses here it feels plain wrong. So what do you think? Good? Bad? Ugly? /127 ? ;) Cheers Mathias Seiler MiroNet GmbH, Strassburgerallee 86, CH-4055 Basel T +41 61 201 30 90, F +41 61 201 30 99 mathias.seiler () mironet ch www.mironet.ch
As I mentioned in my lightning talk at the last NANOG, we reserved a /64 for each PtP link, but configured it as the first /126 out of the /64. That gives us the most flexibility for expanding to the full /64 later if necessary, but prevents us from being victim of the classic v6 neighbor discovery attack that you're prone to if you configure the entire /64 on the link. All someone out on the 'net needs to do is scan up through your address space on the link as quickly as possible, sending single packets at all the non-existent addresses on the link, and watch as your router CPU starts to churn keeping track of all the neighbor discovery messages, state table updates, and incomplete age-outs. With the link configured as a /126, there's a very small limit to the number of neighbor discovery messages, and the amount of state table that needs to be maintained and updated for each PtP link. It seemed like a reasonable approach for us--but there's more than one way to skin this particular cat. Hope this helps! Matt
Current thread:
- Re: Using /126 for IPv6 router links, (continued)
- Re: Using /126 for IPv6 router links Daniel Senie (Jan 26)
- Re: Using /126 for IPv6 router links Joe Maimon (Jan 26)
- Re: Using /126 for IPv6 router links Aaron C. de Bruyn (Jan 26)
- Re: Using /126 for IPv6 router links Joel Jaeggli (Jan 29)
- Re: Using /126 for IPv6 router links Owen DeLong (Jan 26)
- Re: Using /126 for IPv6 router links Glen Turner (Jan 24)
- Re: Using /126 for IPv6 router links Mark Smith (Jan 24)
- Re: Using /126 for IPv6 router links Leo Bicknell (Jan 23)
- Re: Using /126 for IPv6 router links Nathan Ward (Jan 24)
- Re: Using /126 for IPv6 router links Owen DeLong (Jan 24)
- Re: Using /126 for IPv6 router links Nathan Ward (Jan 24)
- Re: Using /126 for IPv6 router links Matthew Petach (Jan 25)
- Re: Using /126 for IPv6 router links Richard A Steenbergen (Jan 25)
- Re: Using /126 for IPv6 router links Mathias Seiler (Jan 25)
- RE: Using /126 for IPv6 router links Matt Addison (Jan 25)
- RE: Using /126 for IPv6 router links Igor Gashinsky (Jan 26)
- Re: Using /126 for IPv6 router links Steve Bertrand (Jan 26)
- Re: Using /126 for IPv6 router links Grzegorz Janoszka (Jan 27)
- RE: Using /126 for IPv6 router links TJ (Jan 27)
- RE: Using /126 for IPv6 router links Pekka Savola (Jan 26)
- Re: Using /126 for IPv6 router links Mark Smith (Jan 26)
- Re: Using /126 for IPv6 router links Jim Burwell (Jan 27)