nanog mailing list archives

Re: subnet prefix length > 64 breaks IPv6?

From: Sven Olaf Kamphuis <sven () cb3rob net>
Date: Sat, 24 Dec 2011 15:30:10 +0000 (UTC)

it only breaks the auto configure crap which you don't want to use anyway.

(unless you want to have any computer on your network be able to tell anyother computer "oh hai i'm a router, please route all your packets throughme so i can intercept them" and/or flood its route table ;)


we use all kinds of things from /126'es to /112 (but hardly any /64 crap)

works perfectly fine.

as long as its nibble aligned (for other reasons ;)

--
Greetings,

Sven Olaf Kamphuis,
CB3ROB Ltd. & Co. KG
=========================================================================
Address: Koloniestrasse 34         VAT Tax ID:      DE267268209
         D-13359                   Registration:    HRA 42834 B
         BERLIN                    Phone:           +31/(0)87-8747479
         Germany                   GSM:             +49/(0)152-26410799
RIPE:    CBSK1-RIPE                e-Mail:          sven () cb3rob net
=========================================================================
<penpen> C3P0, der elektrische Westerwelle
http://www.facebook.com/cb3rob
=========================================================================

Confidential: Please be advised that the information contained in this
email message, including all attached documents or files, is privileged
and confidential and is intended only for the use of the individual or
individuals addressed. Any other use, dissemination, distribution or
copying of this communication is strictly prohibited.


On Sat, 24 Dec 2011, Glen Kent wrote:

Hi,

I am trying to understand why standards say that "using a subnet
prefix length other than a /64 will break many features of IPv6,
including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND)
[RFC3971], .. " [reference RFC 5375]

Or "A number of other features currently in development, or being
proposed, also rely on /64 subnet prefixes."

Is it because the 128 bits are divided into two 64 bit halves, where
the latter identifies an Interface ID which is uniquely derived from
the 48bit MAC address.

I am not sure if this is the reason as this only applies to the link
local IP address. One could still assign a global IPv6 address. So,
why does basic IPv6 (ND process, etc) break if i use a netmask of say
/120?

I know that several operators use /120 as a /64 can be quite risky in
terms of ND attacks. So, how does that work? I tried googling but
couldnt find any references that explain how IPv6 breaks with using a
netmask other than 64.

Glen

Current thread:

subnet prefix length > 64 breaks IPv6? Glen Kent (Dec 23)
- Re: subnet prefix length > 64 breaks IPv6? sthaug (Dec 23)
  - Re: subnet prefix length > 64 breaks IPv6? Glen Kent (Dec 24)
    - Re: subnet prefix length > 64 breaks IPv6? Karl Auer (Dec 24)
    - Re: subnet prefix length > 64 breaks IPv6? Alexandru Petrescu (Dec 24)
    - Re: subnet prefix length > 64 breaks IPv6? Glen Kent (Dec 24)
    - Re: subnet prefix length > 64 breaks IPv6? Jonathan Lassoff (Dec 24)
- Re: subnet prefix length > 64 breaks IPv6? Sven Olaf Kamphuis (Dec 24)
  - Re: subnet prefix length > 64 breaks IPv6? Sven Olaf Kamphuis (Dec 24)
    - Re: subnet prefix length > 64 breaks IPv6? Glen Kent (Dec 26)
    - Re: subnet prefix length > 64 breaks IPv6? Glen Kent (Dec 27)
    - Re: subnet prefix length > 64 breaks IPv6? Valdis . Kletnieks (Dec 27)
    - Re: subnet prefix length > 64 breaks IPv6? Joel Maslak (Dec 27)
    - Re: subnet prefix length > 64 breaks IPv6? Chuck Anderson (Dec 27)
  - Re: subnet prefix length > 64 breaks IPv6? Ray Soucy (Dec 24)
    - Re: subnet prefix length > 64 breaks IPv6? Glen Kent (Dec 25)
    - Re: subnet prefix length > 64 breaks IPv6? sthaug (Dec 25)
- Re: subnet prefix length > 64 breaks IPv6? Iljitsch van Beijnum (Dec 28)

(Thread continues...)