[AusNOG] IPv6 Addressing

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Tue Apr 5 07:48:13 EST 2011


On Mon, 4 Apr 2011 13:46:29 +0000
Mark Grinceri <Mark at grinceri.com.au> wrote:

> Hi All,
> 
> I have received our IPv6 allocation from APNIC. Now the question is what is everyone doing for there point to point links /64, /126 or /127
> 
> From what I can gather most articles are just saying use /64, however I'm heading towards /126 but I'd like to know what the majority of IPv6 networks are assigning (ie Internode). I only want to do this once.
> 

The idea behind using /64s for point-to-point links, and actually
all links (see RFC4291), is both simplicity and having the same sized
64 bit interface identifiers for all end-nodes. If every link is a /64
you can't make a prefix length mistake when typing it, troubleshooting
it etc. All the issues related to dealing variable length subnets we've
had with IPv4 disappear (like in the good old IPX and Appletalk days).
If "complex = more things that can break", then the simpler things are
the better, IMO.

There are some concerns regarding ND cache attacks from off link
sources, caused by people sweep pinging non-existent IPv6 addresses in
the /64. A number of vendors have switched off neighbor discovery on
(true e.g. PPP) point-to-point links to overcome that (and you can't
switch it back on if you want to). That in itself causes a number of
issues, so people are then mitigating those by using /127s. My
suggestion is if you want to go down that path, allocate /64s for all
your point-to-point links, then use /127 prefix lengths on the
interfaces - and use the /64 prefix length to refer to link prefix
every where else you can e.g. in ACLs. That means that when a better
solution is designed to overcome the ND cache issue, you can just
shorten your prefix length back to a /64 and then have the simplicity
of all links having /64 bit interface identifiers. Shortening a prefix
length would be much easier than having to change both their prefix
length and their prefix number at the same time.

You also might want to have a look at 

IPv6 Unicast Address Assignment Considerations
http://www.ietf.org/rfc/rfc5375.txt

which discusses general addressing issues, and gives a few example
addressing schemes for Enterprise and Service Provider networks.

Regards,
Mark.



More information about the AusNOG mailing list