nanog mailing list archives

Re: IPv6 Default Allocation - What size allocation are you giving out


From: William Herrin <bill () herrin us>
Date: Thu, 9 Oct 2014 17:25:00 -0400

On Thu, Oct 9, 2014 at 5:13 PM, Baldur Norddahl
<baldur.norddahl () gmail com> wrote:
> But all these are customer facing interfaces, which do not really qualify
> for "point to point" links. I might consider adding interface addressing
> for IPv6, but for me IPv4 was the primary design parameter. Having IPv6
> mirror the IPv4 setup means I have to think less about the setup. And we
> are really constrained to use as few IPv4 addresses as possible. We only
> got 1024 from RIPE and have to buy any additional at great expense.

Hi Baldur,

If that's convenient, more power to you. I can think of nothing which
breaks doing it that way, just a couple things that might be easier if
you do it the other way.


> My colleagues wanted to completely drop using public IP addressing in the
> infrastructure.

This, however, is positively 100% broken. Do not use private IPs on
your routers.

The TCP protocol depends on receiving ICMP type 3 (destination
unreachable) messages from your router. Without ICMP messages needed
for path MTU detection, TCP connections somewhat randomly drop into a
black hole. Have a customer who connects to your web server but never
receives the web page? Look for the firewall blocking ICMP.

If those ICMP messages originate from private IP addresses, they will
not reach their destination. Private IPs tend to be dropped at
multiple locations out on the public Internet.

So don't use private IPs on routers. Routers must be able to generate
ICMP destination unreachables with the expectation that they _will_
get through.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
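
The ICMP message discussed in the message above, as an added example that is not part of the original post: it builds the "fragmentation needed" form of ICMP type 3 (code 4, RFC 1191) that path MTU discovery relies on, parses it, and reports whether its source address is RFC 1918 space. All addresses, the MTU value and the function names are constructed for illustration, and the filter list covers only RFC 1918.

```python
import ipaddress
import struct

# RFC 1918 private ranges; ICMP errors sourced from these tend to be
# dropped by filters on the public Internet (assumption: RFC 1918 only).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ipv4_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header with DF set (checksum left 0: constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def build_frag_needed(router_ip, sender_ip, dest_ip, next_hop_mtu):
    """Construct the packet a router returns when a DF packet exceeds the link MTU."""
    # Quoted data: the offending packet's IP header plus its first 8 TCP bytes.
    quoted = ipv4_header(sender_ip, dest_ip, 6, 1500) + struct.pack("!HHI", 49152, 80, 1)
    # ICMP header: type 3, code 4, checksum (0 here), unused, next-hop MTU.
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return ipv4_header(router_ip, sender_ip, 1, 20 + len(icmp)) + icmp


def analyse(packet):
    """Return PMTUD details for an ICMP type 3 code 4 packet, else None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None                      # not IPv4 ICMP, or truncated
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None                      # some other ICMP message
    source = ipaddress.ip_address(packet[12:16])
    quoted = packet[ihl + 8:]            # header of the packet that was too big
    return {
        "icmp_source": str(source),
        "next_hop_mtu": mtu,
        "original_dst": str(ipaddress.ip_address(quoted[16:20])),
        "private_source": any(source in net for net in PRIVATE_NETS),
    }


if __name__ == "__main__":
    for router in ("10.1.1.1", "192.0.2.1"):   # private vs. public router address
        print(analyse(build_frag_needed(router, "198.51.100.7", "203.0.113.9", 1400)))
```
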

