nanog mailing list archives
Re: Questions on IPv6 deployment
From: joel jaeggli <joelja () bogus com>
Date: Tue, 17 Jan 2017 14:07:40 -0800
On 1/17/17 1:55 PM, William Herrin wrote:
On Tue, Jan 17, 2017 at 4:07 PM, Matthew Huff <mhuff () ox com> wrote:The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors.
if you mean allocating a /127, then... sure. Neighbor discovery on point to point links could be a problem as is the poential for looping behavior . There are of course ways other than allocating a longer prefix to a point to point link to achieve that, e.g. disabling it. among other things You have to disable DAD anyway if you ever plan to loop them up for testing. these are detailed in https://tools.ietf.org/html/rfc6164
Hi Matthew, I'm always interested in learning something new. Please explain the DOS vectors you're referring to and how they're mitigated by allocating a /64 to the point to point link. Just do it.No. But if you offer a good reason, I'll factor your reason in to my considerations. Regards, Bill Herrin
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Questions on IPv6 deployment, (continued)
- Re: Questions on IPv6 deployment Chris Russell (Jan 16)
- Re: Questions on IPv6 deployment Ca By (Jan 16)
- Re: Questions on IPv6 deployment William Herrin (Jan 17)
- Re: Questions on IPv6 deployment Sander Steffann (Jan 17)
- Re: Questions on IPv6 deployment Michael Still (Jan 17)
- Re: Questions on IPv6 deployment Michael Still (Jan 17)
- Re: Questions on IPv6 deployment William Herrin (Jan 17)
- RE: Questions on IPv6 deployment Matthew Huff (Jan 17)
- Re: Questions on IPv6 deployment Owen DeLong (Jan 17)
- Re: Questions on IPv6 deployment William Herrin (Jan 17)
- Re: Questions on IPv6 deployment joel jaeggli (Jan 17)
- RE: Questions on IPv6 deployment Matthew Huff (Jan 17)
- Re: Questions on IPv6 deployment William Herrin (Jan 17)
- Re: Questions on IPv6 deployment Sander Steffann (Jan 17)
- Re: Questions on IPv6 deployment William Herrin (Jan 17)
- Re: Questions on IPv6 deployment Michael Still (Jan 17)