Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

[Dmitry Cherkasov <doctorchd () gmail com>]

Steven,

SLAAC is prohibited for using in DOCSIS networks, router
advertisements that allow SLAAC must be ignored by end-devices,
therefore DHCPv6 is the only way of configuring (if not talking about
statical assignment). I have seen at least Windows7 handling this
properly in its default configuration: it starts DHCPv6 negotiation
instead of auto-configuration.

Dmitry Cherkasov



2011/11/29 Steven Bellovin <smb () cs columbia edu>:
> On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:
>
> > On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
> >
> > > It's a good practice to reserve a 64-bit prefix for each network.
> > > That's a good general rule.  For point to point or link networks you
> > > can use something as small as a 126-bit prefix (we do).
> >
> > Technically, absent buggy {firm,soft}ware, you can use a /127. There's no
> > actual benefit to doing anything longer than a /64 unless you have
> > buggy *ware (ping pong attacks only work against buggy *ware),
> > and there can be some advantages to choosing addresses other than
> > ::1 and ::2 in some cases. If you're letting outside packets target your
> > point-to-point links, you have bigger problems than neighbor table
> > attacks. If not, then the neighbor table attack is a bit of a red-herring.
>
> The context is DOCSIS, i.e., primarily residential cable modem users, and
> the cable company ISPs do not want to spend time on customer care and
> hand-holding.  How are most v6 machines configured by default?  That is,
> what did Microsoft do for Windows Vista and Windows 7?  If they're set for
> stateless autoconfig, I strongly suspect that most ISPs will want to stick
> with that and hand out /64s to each network.  (That's apart from the larger
> question of why they should want to do anything else...)
>
>
>                --Steve Bellovin, https://www.cs.columbia.edu/~smb