nanog mailing list archives

Re: Point 2 point IPs between ASes


From: William Herrin <bill () herrin us>
Date: Wed, 28 Jun 2017 11:03:01 -0400

Hello,

The common recommendations for IPv6 point to point interface numbering are:

/64
/124
/126
/127

/64:
Advantages: conforms to IPv6 standard for a LAN link
Disadvantages: DOS threats against this design. Looping on a true ptp
circuit. Neighbor discovery issues.

/124:
Advantages: supports multiple routers on each end of the circuit. Conforms
to nibble assignment boundary that helps keep address assignments clean and
comprehensible.
Disadvantages: ancient hardware that barely supports IPv6 may have trouble
efficiently handling routes longer than /64.

/126:
Advantages: equivalent to an IPv4 /30 with exactly the same functionality.
Disadvantages: equivalent to an IPv4 /30 with exactly the same
functionality.

/127:
Advantages: saves that extra pair of IP addresses.
Disadvantages: complicates configuration just to save two IPv6 addresses.

Enhancements:
For /124, /126 and /127: allocate all of your addresses for every router in
the system from the same /64. Use router ACLs to control entry of packets
directed to that /64. Nice clean way to stop hackers from poking at your
routers.

Regards,
Bill Herrin



On Tue, Jun 27, 2017 at 4:28 PM, Krunal Shah <KShah () primustel ca> wrote:

Hello,

What subnet mask are you people using for point to point IPs between two
ASes? Especially with IPv6. We have a transit provider who wants us to use
/64, which does not make sense for this purpose. Isn't it recommended to use
/127 as per RFC 6164, like /30 and /31 are common for IPv4?

I was thinking, if someone is using RFC 7404 for point to point IPs between
two ASes and establishes BGP over link-local addresses. This way you have
your own IP space on your router and the transit provider does not have to
allocate IP space for the point to point interface between the two ASes. In
traceroutes you would see only the loopback IP address, with a GUA assigned from
your allocated routable address space. A remote DDoS of this link isn't
possible this way. Thoughts?

Krunal Shah
Network Analyst, IP & Transport Network Engineering
O: 416-855-1805
kshah () primustel ca


-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
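As an added illustration of Bill's "Enhancements" paragraph (carving every router's point-to-point addresses out of one /64 and then filtering ingress traffic aimed at that /64), here is example code that is not from either poster. The /64 block is a constructed value, and the per-link address conventions (/127 uses ::0 and ::1 per RFC 6164; /126 and /124 skip ::0 like an IPv4 /30) are assumptions.

```python
import ipaddress

# Constructed infrastructure block (assumed value): every router's
# point-to-point addresses in the network are carved from this one /64.
INFRA_BLOCK = ipaddress.IPv6Network("2001:db8:ffff:ffff::/64")

# Host offsets used for the two ends of each link, by prefix length.
# Assumption: /127 uses ::0/::1 (RFC 6164); /126 and /124 mimic an
# IPv4 /30 and skip ::0, the subnet-router anycast address.
SIDE_OFFSETS = {127: (0, 1), 126: (1, 2), 124: (1, 2)}


def carve_p2p_links(prefixlen, count, block=INFRA_BLOCK):
    """Return `count` (link, local, remote) triples carved from `block`."""
    if prefixlen not in SIDE_OFFSETS:
        raise ValueError(f"unsupported point-to-point prefix length /{prefixlen}")
    a, b = SIDE_OFFSETS[prefixlen]
    links = []
    # subnets() is a generator, so stopping early is cheap even for /127.
    for link in block.subnets(new_prefix=prefixlen):
        if len(links) == count:
            break
        links.append((link, link[a], link[b]))
    return links


def infra_ingress_decision(src, dst, links, block=INFRA_BLOCK):
    """ACL for packets arriving on an external (peer-facing) interface.

    Anything not destined for the infrastructure /64 passes untouched.
    Traffic into that /64 is permitted only from the directly connected
    peer to its own side of the link (what BGP/BFD on the link needs);
    every other packet aimed at router addresses is dropped.
    """
    src = ipaddress.IPv6Address(src)
    dst = ipaddress.IPv6Address(dst)
    if dst not in block:
        return "permit"
    for _link, local, remote in links:
        if src == remote and dst == local:
            return "permit"
    return "deny"


if __name__ == "__main__":
    for link, local, remote in carve_p2p_links(127, 3):
        print(f"{link}  local={local}  remote={remote}")
```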
