nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Questions on IPv6 deployment

From: Matthew Huff <mhuff () ox com>
Date: Tue, 17 Jan 2017 21:07:50 +0000
The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors. Just do 
it. The numbers in IPv6 are staggering. The generally accepted best practice is to allocate a /64 and use a /128 within 
that /64 for point to point links.

----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039
aim: matthewbhuff        | Fax:   914-694-5669



-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of William
Herrin
Sent: Tuesday, January 17, 2017 4:02 PM
To: Michael Still <stillwaxin () gmail com>
Cc: nanog () nanog org
Subject: Re: Questions on IPv6 deployment

On Tue, Jan 17, 2017 at 12:48 PM, Michael Still <stillwaxin () gmail com>
wrote:

http://nabcop.org/index.php/IPv6_Subnetting


That's overall good advice. I quibble with a couple of points:

1. If you plan to use a /126 on a point to point and can't imagine how
you would use a /64 on that point to point, don't allocate a /64. Odds
are that by the time you can imagine some way to use a /64 there, the
details will require you to assign a new block anyway.

Why be concerned about resource consumption? Because it's a good
habit. Don't overdo it, IPv6 is not resource constrained the way IPv4
is, but shrewd use of available resources is a good habit even when
resources are plentiful.

2. Make all your point to points /124. That will work for all your
point to points. Serial or ethernet. Even the ethernets which have two
high-availability routers on both ends along with the failover address
needing a total of 6 IPs plus 1 for your troubleshooting laptop.
Configuring /124 every time allows you to standardize your
configuration, the same way /64 standardizes the netmask on a LAN
deployment.



One additional point not brought up:

Minimum assignment to a customer: /60. Never ever /64 or /128. How
much more than a /60 you choose as your minimum is up to you. Common
choices are /56 and /48. But never, ever less than a /60.   Your
customer will want to deploy a /64 to each LAN. And there are so many
cases where he'll want to deploy more than one LAN.

I've noticed a lot of hosting providers getting this wrong. Some of
your customers do create VPNs on their VPC you know.

Regards,
Bill Herrin


--
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
Previous By Date Next
Previous By Thread Next

Current thread: