nanog mailing list archives
Re: NIST IPv6 document
From: Owen DeLong <owen () delong com>
Date: Wed, 5 Jan 2011 21:31:37 -0800
On Jan 5, 2011, at 7:04 AM, Jack Bates wrote:
On 1/5/2011 6:29 AM, Dobbins, Roland wrote:Using /64s is insane because a) it's unnecessarily wasteful (no lectures on how large the space is, I know, and reject that argument out of hand) and b) it turns the routers/switches into sinkholes.Except someone was kind enough to develop a protocol that requires /64 to work. So then there is the SLAAC question. When might it be used? With routers, I usually don't use SLAAC. The exception is end user networks, which makes using SLAAC + DHCPv6-PD extremely dangerous for my edge routers. DHCPv6 IA_TA + DHCPv6-PD would be more sane, predictable, and filterable (and support longer than /64) thought my current edge layout can't support this (darn legacy IOS). I would love a dynamic renumbering scheme for routers, but until all routing protocols (especially iBGP) support shifting from one prefix to the next without a problem, it's a lost cause and manual renumbering is still required. Things like abstracting the router id from the transport protocol would be nice. I could be wrong, but I think ISIS is about it for protocols that won't complain. All that said, routers should be /126 or similar for links, with special circumstances and layouts for customer edge.
Why shouldn't I use /64 for links if I want to? I can see why you can say you want /126s, and that's fine, as long as you are willing to deal with the fall-out, your network, your problem, but, why tell me that my RFC-compliant network is somehow wrong?
For server subnets, I actually prefer leaving it /64 and using SLAAC with token assignments. This is easily mitigated with ACLs to filter any packets that don't fall within the range I generally use for the tokens, with localized exceptions for non-token devices which haven't been fully initialized yet (ie, stay behind stateful firewall until I've changed my IP to prefix::0-2FF). I haven't tried it, but I highly suspect it would fail, but it would be nice to use SLAAC with longer than /64.
SLAAC cannot function with longer than /64 because SLAAC depends on prefix + EUI-64 = address. Owen
Current thread:
- NIST IPv6 document Kevin Oberman (Jan 04)
- Re: NIST IPv6 document Jeff Wheeler (Jan 04)
- Re: NIST IPv6 document Mohacsi Janos (Jan 05)
- Re: NIST IPv6 document Jeff Wheeler (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Jack Bates (Jan 05)
- Re: NIST IPv6 document Owen DeLong (Jan 05)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Re: NIST IPv6 document Mohacsi Janos (Jan 05)
- Re: NIST IPv6 document Owen DeLong (Jan 05)
- Re: NIST IPv6 document Robert E. Seastrom (Jan 06)
- Re: NIST IPv6 document Jeff Wheeler (Jan 06)
- Re: NIST IPv6 document Owen DeLong (Jan 06)
- Re: NIST IPv6 document Jeff Wheeler (Jan 06)
- Message not available
- Re: NIST IPv6 document Jeff Wheeler (Jan 06)
- Re: NIST IPv6 document Jeff Wheeler (Jan 04)
- Re: NIST IPv6 document Mark Smith (Jan 07)
- Re: NIST IPv6 document Dobbins, Roland (Jan 07)
- Re: NIST IPv6 document Mark Smith (Jan 07)