nanog mailing list archives

Re: IPv6 Default Allocation - What size allocation are you giving out

From: William Herrin <bill () herrin us>
Date: Thu, 9 Oct 2014 14:06:48 -0400

On Thu, Oct 9, 2014 at 1:55 PM, Richard Hicks <richard.hicks () gmail com> wrote:

On Thu, Oct 9, 2014 at 10:40 AM, William Herrin <bill () herrin us> wrote:

"Regardless of the number of hosts on an individual LAN or WAN
segment, every multi-access network (non-point-to-point) requires at
least one /64 prefix."

But using /64s on WAN links invites needless problems with neighbor
discovery when an attacker decides to send one ping each to half a
million adresses all of which happen to land on that WAN link.


The BCOP specfically addresses this in 4b:
" b. Point-to-point links should be allocated a /64 and configured with a
/126 or /127"


It says, effectively, that a WAN link involving 3 or 4 routers (a
common redundancy design) should use a /64. I think that's nuts. It
creates a needlessly wide attack surface. Use a /124 for that.

And if our subnets should be on nibble boundaries, /126 and /127 on
ptp links aren't so wise either. Use a /124 for that too.

-Bill



-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?

Current thread:

Re: IPv6 Default Allocation - What size allocation are you giving out, (continued)
- - - Re: IPv6 Default Allocation - What size allocation are you giving out Karl Auer (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out TJ (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out joel jaeggli (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Owen DeLong (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Owen DeLong (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Owen DeLong (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Richard Hicks (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Faisal Imtiaz (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out William Herrin (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Richard Hicks (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out William Herrin (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Baldur Norddahl (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out William Herrin (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Owen DeLong (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Baldur Norddahl (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Roland Dobbins (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Baldur Norddahl (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out William Herrin (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Roland Dobbins (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Baldur Norddahl (Oct 09)
    - Re: IPv6 Default Allocation - What size allocation are you giving out Roland Dobbins (Oct 09)

(Thread continues...)