[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using /126 for IPv6 router links

Subject: Using /126 for IPv6 router links
From: igor at gashinsky.net (Igor Gashinsky)
Date: Tue, 26 Jan 2010 19:33:17 -0500 (EST)
In-reply-to: <[email protected]>
References: <[email protected]><[email protected]> <[email protected]> <[email protected]>

On Mon, 25 Jan 2010, Matt Addison wrote:

:: You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for
:: each PtP link, but only configure the first /126 (or whatever /126 you
:: need to get an amusing peer address) on the link. 

Matt meant "reserve/assign a /64 for each PtP link, but only configure the 
first */127* of the link", as that's the only way to fully mitigate the 
scanning-type attacks (with a /126, there is still the possibility of 
ping-pong on a p-t-p interface) w/o using extensive ACLs..

Anyways, that's what worked for us, and, as always, YMMV...

-igor

Follow-Ups:
- Using /126 for IPv6 router links
  - From: steve at ibctech.ca (Steve Bertrand)
- Using /126 for IPv6 router links
  - From: pekkas at netcore.fi (Pekka Savola)

References:
- Using /126 for IPv6 router links
  - From: mathias.seiler at mironet.ch (Mathias Seiler)
- Using /126 for IPv6 router links
  - From: mpetach at netflight.com (Matthew Petach)
- Using /126 for IPv6 router links
  - From: mathias.seiler at mironet.ch (Mathias Seiler)
- Using /126 for IPv6 router links
  - From: maddison at lightbound.net (Matt Addison)

Prev by Date: unreachable Sites
Next by Date: Using /126 for IPv6 router links
Previous by thread: Using /126 for IPv6 router links
Next by thread: Using /126 for IPv6 router links
Index(es):
- Date
- Thread