nanog mailing list archives
Re: ipv6 newbie question
From: Owen DeLong <owen () delong com>
Date: Wed, 29 Jan 2014 13:03:48 -0500
There are tradeoffs in both directions.
Personally I think administrative simplicity wins over security through obscurity, so I recommend each organization
pick a random pair of static addresses and use those two addresses for all of their point to point links.
e.g. If your prefix for a given link is 2001:db8:xxxx:yyyy::/64, and you randomly choose the suffixes
dead:beef:cafe:babe and dead:beef:cafe:feed as your end-point addresses, then the links would be numbered
2001:db8:xxxx:yyyy:dead:beef:cafe:{babe,feed}.
YMMV and I don't recommend using my examples in practice.
Owen
On Jan 29, 2014, at 12:35 PM, Philip Lavine <source_route () yahoo com> wrote: Is it best practice to have the internet facing BGP router's peering ip (or for that matter any key gateway or security appliance) use a statically configured address or use EUI-64 auto config? I have seen comments on both sides and am leaning to EUI-64 (except for the VIP's like the ASA's failover ip ) -Philip
Current thread:
- Fw: ipv6 newbie question Philip Lavine (Jan 29)
- Re: ipv6 newbie question Jared Mauch (Jan 29)
- Re: Fw: ipv6 newbie question Nick Hilliard (Jan 29)
- Re: Fw: ipv6 newbie question Justin M. Streiner (Jan 29)
- RE: Fw: ipv6 newbie question Jack Stonebraker (Jan 29)
- Re: Fw: ipv6 newbie question Justin M. Streiner (Jan 29)
- Re: ipv6 newbie question Sander Steffann (Jan 29)
- Re: ipv6 newbie question Owen DeLong (Jan 29)
- Re: Fw: ipv6 newbie question Michael Still (Jan 29)
- Re: Fw: ipv6 newbie question Randy Bush (Jan 29)
- Re: Fw: ipv6 newbie question Philip Lavine (Jan 30)
- Re: Fw: ipv6 newbie question Randy Bush (Jan 30)
- Re: Fw: ipv6 newbie question Philip Lavine (Jan 30)