nanog mailing list archives
Re: IPv6 Loopback/Point-to-Point address allocation
From: Thomas Bellman <bellman () nsc liu se>
Date: Sun, 10 Sep 2017 12:56:08 +0200
On 2017-09-10 00:09, Baldur Norddahl wrote:
You want to configure point to point interfaces as /127 or /126 even if you allocate a full /64 for the link. This prevents an NDP exhaustion attack with no downside.
An alternative is to just have link-local addresses on your point-to- point links. At least on your internal links where you run your IGP. On external links, where you run eBGP or static routes, it's probably more trouble than it is worth, though, since link-local addresses can change if you replace the hardware, requiring a config change on the other end. (Also, I'm not sure all BGP implementations support using link-local addresses.) /Bellman
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- IPv6 Loopback/Point-to-Point address allocation Kody Vicknair (Sep 09)
- Re: IPv6 Loopback/Point-to-Point address allocation Baldur Norddahl (Sep 09)
- Re: IPv6 Loopback/Point-to-Point address allocation Nick Hilliard (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Enno Rey (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Job Snijders (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Enno Rey (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Enno Rey (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation sthaug (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Nick Hilliard (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Baldur Norddahl (Sep 09)
- Re: IPv6 Loopback/Point-to-Point address allocation Saku Ytti (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Enno Rey (Sep 10)
- Re: IPv6 Loopback/Point-to-Point address allocation Nikolay Shopik (Sep 11)
- Re: IPv6 Loopback/Point-to-Point address allocation Owen DeLong (Sep 11)
- Message not available
- Re: IPv6 Loopback/Point-to-Point address allocation Owen DeLong (Sep 15)
- Re: IPv6 Loopback/Point-to-Point address allocation Saku Ytti (Sep 12)
- <Possible follow-ups>
- RE: IPv6 Loopback/Point-to-Point address allocation Kody Vicknair (Sep 09)