[ipv6-wg] IPv6 prefix delegation BCOP document available for comments and suggestions

On 28/03/2017 13:28, Philip Homburg wrote:
> Hi Jan,
>
> It's not clear to me why in Section 3.1.5, a global /64 prefix is recommended
> for PPPoE connections.
>
> Sections 3.1.2 and 3.1.3 talk about directly connecting hosts without any
> kind of CPE. As far I know, the last time that was in fashion for PPP links
> was with dial-up.

Hey,

Thank you for reading the document and commenting, I hope you find it 
useful.

You would be surprised how many residential customers still have CPE in 
bridge mode and are connecting to PPPoE service using Windows (or any 
other OS) PC using a PPPoE dialer, some of them even using multiple 
parallel PPPoE sessions from multiple computers sitting on the same 
network. In this case, even static /64 for WAN link would not work as in 
this case the assignments would not work for both of them and you need 
to setup a dynamic WAN numbering to accommodate multiple PPPoE sessions.

People still does strange things and since this is all about documenting 
the current operational practice, we need to take this into account.

>
> So I think that for PPPoE we can safely assume that a CPE can request a prefix
> using DHCPv6 PD.

Yes.

>
> As indirectly mentioned in Section 3.1.2, assigning a global /64 to a
> point-to-point link may open certain kinds of attacks. All links with a global
> /64 risk a ND exhaustion attack. However, point-to-points also risk a ping-pong
> attack.

Indeed. I believe we covered that with recommending /127 or similar.

>
> For a PPPoE link these issues are trivially solved to leaving the link
> unnumbered.

Again, for those, using a PPPoE dialer that would not work. If you are 
100% sure that nobody in your network is connecting using a PPPoE 
dialer, then yes, go ahead with unnumbered.

Cheers, Jan