Re: Questions on IPv6 deployment

[joel jaeggli <joelja () bogus com>]

On 1/17/17 1:55 PM, William Herrin wrote:
> On Tue, Jan 17, 2017 at 4:07 PM, Matthew Huff <mhuff () ox com> wrote:
> > The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors.


if you mean allocating a /127, then... sure.

Neighbor discovery on point to point links could be a problem as is the
poential for looping behavior . There are of course ways other than
allocating a longer prefix to a point to point link to achieve that, 
e.g. disabling it. among other things You have to disable DAD anyway if
you ever plan to loop them up for testing.

these are detailed in

https://tools.ietf.org/html/rfc6164
> > Hi Matthew,
> >
> > I'm always interested in learning something new. Please explain the
> > DOS vectors you're referring to and how they're mitigated by
> > allocating a /64 to the point to point link.
> >
> >
> > Just do it.
> No. But if you offer a good reason, I'll factor your reason in to my
> considerations.
>
> Regards,
> Bill Herrin

Attachment: signature.asc
Description: OpenPGP digital signature