nanog mailing list archives
Re: Using /126 for IPv6 router links
From: Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>
Date: Wed, 27 Jan 2010 18:02:51 +1030
On Wed, 27 Jan 2010 07:47:35 +0200 (EET) Pekka Savola <pekkas () netcore fi> wrote:
On Tue, 26 Jan 2010, Igor Gashinsky wrote:Matt meant "reserve/assign a /64 for each PtP link, but only configure the first */127* of the link", as that's the only way to fully mitigate the scanning-type attacks (with a /126, there is still the possibility of ping-pong on a p-t-p interface) w/o using extensive ACLs.. Anyways, that's what worked for us, and, as always, YMMV...That's still relying on the fact that your vendor won't implement subnet-router anycast address and turn it on by default. That would mess up the first address of the link. But I suppose those would be pretty big ifs.
A minor data point to this, Linux looks to be implementing the subnet-router anycast address when IPv6 forwarding is enabled, as it's specifying Solicited-Node multicast address membership for the all zeros node address in it's MLD announcements when an interface comes up.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Current thread:
- Re: Using /126 for IPv6 router links, (continued)
- Re: Using /126 for IPv6 router links Owen DeLong (Jan 24)
- Re: Using /126 for IPv6 router links Matthew Petach (Jan 25)
- Re: Using /126 for IPv6 router links Richard A Steenbergen (Jan 25)
- Re: Using /126 for IPv6 router links Mathias Seiler (Jan 25)
- RE: Using /126 for IPv6 router links Matt Addison (Jan 25)
- RE: Using /126 for IPv6 router links Igor Gashinsky (Jan 26)
- Re: Using /126 for IPv6 router links Steve Bertrand (Jan 26)
- Re: Using /126 for IPv6 router links Grzegorz Janoszka (Jan 27)
- RE: Using /126 for IPv6 router links TJ (Jan 27)
- RE: Using /126 for IPv6 router links Pekka Savola (Jan 26)
- Re: Using /126 for IPv6 router links Mark Smith (Jan 26)
- Re: Using /126 for IPv6 router links Jim Burwell (Jan 27)
- RE: Using /126 for IPv6 router links Igor Gashinsky (Jan 27)
- Re: Using /126 for IPv6 router links Steve Bertrand (Jan 27)
- Re: Using /126 for IPv6 router links Igor Gashinsky (Jan 27)
- Re: Using /126 for IPv6 router links Dale W. Carder (Jan 27)
- Re: Using /126 for IPv6 router links David Barak (Jan 28)
- Re: Using /126 for IPv6 router links Igor Gashinsky (Jan 28)
- Re: Using /126 for IPv6 router links Bill Stewart (Jan 29)
- Re: Using /126 for IPv6 router links Leo Bicknell (Jan 25)
- Re: Using /126 for IPv6 router links Owen DeLong (Jan 25)