Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

[Fred Baker <fred () cisco com>]

Basically, if the address used by a host is allocated using RFC 3971/4861/4941, the host assumes a /64 from the router 
and concocts a 64 bit EID as specified. If the address used by the host is allocated using DHCP/DHCPv6, it is the 128 
bit number assigned by the DHCP server. I see no reason you couldn't use a /127 prefix if the link was point to point.

As you note, there is significant deployment of ND, and insignificant deployment of DHCPv6. However, any network that 
is in control of all of its hosts should be able to specify the use of DHCPv6.

On Nov 28, 2011, at 2:39 PM, Brzozowski, John wrote:

> I mentioned this in an earlier reply.  CM vs CPE vs CPE router are all
> different use cases.  From a CPE or CPE router point of view SLAAC will
> likely not be used to provisioned devices, stateful DHCPv6 is required.
> As such Vista/7 machines that are directly connected to cable modems will
> receive an IPv6 address and configuration options via stateful DHCPv6.
> The same now applies to OSX Lion.
>
>
> I do agree that many host implementations have been built around /64
> assumptions and departures from the same at this time will seemingly
> introduce more problems that benefits.
>
> John
>
> On 11/28/11 5:00 PM, "Steven Bellovin" <smb () cs columbia edu> wrote:
>
> > On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:
> >
> > > On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
> > >
> > > > It's a good practice to reserve a 64-bit prefix for each network.
> > > > That's a good general rule.  For point to point or link networks you
> > > > can use something as small as a 126-bit prefix (we do).
> > >
> > > Technically, absent buggy {firm,soft}ware, you can use a /127. There's
> > > no
> > > actual benefit to doing anything longer than a /64 unless you have
> > > buggy *ware (ping pong attacks only work against buggy *ware),
> > > and there can be some advantages to choosing addresses other than
> > > ::1 and ::2 in some cases. If you're letting outside packets target your
> > > point-to-point links, you have bigger problems than neighbor table
> > > attacks. If not, then the neighbor table attack is a bit of a
> > > red-herring.
> >
> > The context is DOCSIS, i.e., primarily residential cable modem users, and
> > the cable company ISPs do not want to spend time on customer care and
> > hand-holding.  How are most v6 machines configured by default?  That is,
> > what did Microsoft do for Windows Vista and Windows 7?  If they're set for
> > stateless autoconfig, I strongly suspect that most ISPs will want to stick
> > with that and hand out /64s to each network.  (That's apart from the
> > larger
> > question of why they should want to do anything else...)
> >
> >
> >              --Steve Bellovin, https://www.cs.columbia.edu/~smb