nanog mailing list archives

Re: IPv6 prefixes longer than /64: are they possible in DOCSIS networks?


From: "Brzozowski, John" <John_Brzozowski () Cable Comcast com>
Date: Mon, 28 Nov 2011 22:33:41 +0000

On 11/28/11 10:29 AM, "Ray Soucy" <rps () maine edu> wrote:


It's a good practice to reserve a 64-bit prefix for each network.
That's a good general rule.  For point to point or link networks you
can use something as small as a 126-bit prefix (we do).

[jjmb] for point to point I agree with this point.  If a /64 is reserved
one has greater flexibility as far as what is configured on the interfaces.

When it comes to implementation, though, it's not as simple as a yes
or no answer.

The actual use of 64-bit prefixes is not something I would currently
recommend for large-scale deployments due to the denial of service
attack vector it opens up (neighbor table exhaustion).

[jjmb] not sure I agree, this depends on where the prefix is being
installed in the network.

Not using 64-bit prefixes tosses SLAAC out the window; but for many
networks SLAAC may not be desirable anyway due to the lack of control
it presents.

Once vendors come out with routers that are able to protect against
neighbor table exhaustion, moving to a 64-bit prefix (which you
hopefully reserved) will allow you to be more flexible in what
addressing methods are used.

On Mon, Nov 28, 2011 at 6:37 AM, Dmitry Cherkasov <doctorchd () gmail com>
wrote:
Hello everybody,

It is commonly agreed that /64 is the maximal length for LANs because if
we use a longer prefix we introduce a conflict with stateless address
autoconfiguration (SLAAC) based on the EUI-64 spec. But SLAAC is not used
in DOCSIS networks. So there seem to be no objections to using smaller
networks per cable interface of the CMTS. I was not able to find any
recommendations anywhere, including Cable Labs specs, for using
prefixes not greater than /64 in DOCSIS networks. Some tech from an ISP
assumed that a DHCPv6 server may generate the interface ID part of an IPv6
address similarly to EUI-64 so the MAC address of the device can easily be
obtained from its IPv6 address, but this does not seem like a convincing
argument. What do you think?


Dmitry Cherkasov





-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
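
Added example, not part of the original thread: a Python sketch of the two properties discussed above. It shows that a modified EUI-64 interface ID (RFC 4291, Appendix A) needs a /64 and makes the MAC recoverable from the address, and it compares the number of addresses on a link prefix with a router's neighbor table capacity. The function names are hypothetical, and the 2001:db8::/32 documentation prefixes, the MAC address and the 32768-entry table size are constructed sample values.

```python
import ipaddress

def mac_to_eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) for a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert ff:fe in the middle and flip the universal/local bit (0x02).
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would form with EUI-64 based SLAAC; only valid on a /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 based SLAAC needs a /64, got /%d" % net.prefixlen)
    return net[mac_to_eui64_iid(mac)]

def mac_from_address(addr: str):
    """Recover the MAC if the low 64 bits look like a modified EUI-64, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % x for x in mac)

def neighbor_exposure(prefix: str, table_size: int) -> dict:
    """Compare addresses on a link prefix with a neighbor table capacity."""
    net = ipaddress.IPv6Network(prefix)
    return {"addresses": net.num_addresses,
            "slaac_possible": net.prefixlen == 64,
            "can_exceed_table": net.num_addresses > table_size}

if __name__ == "__main__":
    TABLE = 32768  # assumed neighbor table capacity (constructed value)
    for p in ("2001:db8:0:1::/64", "2001:db8:0:1::/112", "2001:db8:0:1::/126"):
        print(p, neighbor_exposure(p, TABLE))
    a = slaac_address("2001:db8:0:1::/64", "00:11:22:33:44:55")  # constructed MAC
    print(a, "->", mac_from_address(str(a)))
```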



