This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] IPv6 on P2P links
- Previous message (by thread): [ipv6-wg] IPv6 on P2P links
- Next message (by thread): [ipv6-wg] IPv6 on P2P links
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Martin Millnert
millnert at gmail.com
Thu May 26 17:37:34 CEST 2011
Hi, On Thu, May 26, 2011 at 8:43 AM, Marco Hogewoning <marcoh at marcoh.net> wrote: > On May 26, 2011, at 2:25 PM, Yannis Nikolopoulos wrote: > >> so, >> >> other than the fact that it's wasteful, is there any other reason for not using /64 (that's what we're using) on p2p links? > > I wouldn't describe it as wastwful, every subnet is per standard /64 anyway. The primary reason are security concerns like the fact that you might be able to trick a machine into sending loads of ND messages (or responses), filling up the neighbor cache or CAM table. > Yes. I recommend http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf for more details on this. It seems to be a pretty serious issue in most implementations. The author of the PDF recommends allocating /64 but using whatever fits your need. This way you'll stay ready for the future, should you have a reason to change, interoperability or other. Best regards, Martin
- Previous message (by thread): [ipv6-wg] IPv6 on P2P links
- Next message (by thread): [ipv6-wg] IPv6 on P2P links
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]