[ipv6-wg] IPv6 on P2P links

On 05/26/2011 06:37 PM, Martin Millnert wrote:
> Hi,
>
> On Thu, May 26, 2011 at 8:43 AM, Marco Hogewoning<marcoh at marcoh.net>  wrote:
>> On May 26, 2011, at 2:25 PM, Yannis Nikolopoulos wrote:
>>
>>> so,
>>>
>>> other than the fact that it's wasteful, is there any other reason for not using /64 (that's what we're using) on p2p links?
>> I wouldn't describe it as wastwful, every subnet is per standard /64 anyway. The primary reason are security concerns like the fact that you might be able to trick a machine into sending loads of ND messages (or responses), filling up the neighbor cache or CAM table.
>>
> Yes.  I recommend http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
> for more details on this. It seems to be a pretty serious issue in
> most implementations. The author of the PDF recommends allocating /64
> but using whatever fits your need. This way you'll stay ready for the
> future, should you have a reason to change, interoperability or other.
>
> Best regards,
> Martin
>

i should've been more elaborate in my original post. One one hand, 
allocating a /64 per p2p link *could* be considered wasteful and Cisco's 
"official" word was to use /64 on p2p links as all code is optimized for 
that boundary.

On the other hand, there's the NDP cache exhaustion issue mentioned in 
rfc6164 (this issue can be minimized by a sane security policy btw) plus 
Gunter's (very informative) comments.

Allocating and using /64 on p2p links sounds tidy. The "allocating" 
part, we'll stick with, the "using" part remains to be seen

regards,
Yannis