I am sorry if I stepped on something sore. I am not dismissing any arguments, and I am genuinely interested in any advantages and disadvantages to the approach. There is more than one way to design a network and all I am saying is that so far it is working great for me. The two disadvantages put forward so far have not been of any consequence in my network.

But I am concerned that you say that I am still vulnerable to NDP attacks. Could you elaborate on that please?

About loopback not being a unique identifier, please remember that none of the IP addresses on a host is that. An IP address belongs to the host, not the interface. Creating addresses on interfaces is just an alias for creating the same address as loopback and adding a net route on the interface. Don't believe me? Try it out!

"I can’t help that your equipment is ill-behaved at best."

That is not ill-behaved. It is the correct behavior. Try unplugging the network cable from your computer - you will NOT lose the IP address unless you have a DHCP daemon that takes it away.

Regards,

Baldur

On 9 October 2014 22:38, Owen DeLong <owen@delong.com> wrote:
On Oct 9, 2014, at 1:25 PM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
On 9 October 2014 22:01, Owen DeLong <owen@delong.com> wrote:
Why do people assign addresses to point-to-point links at all? You can just use a host /128 route to the loopback address of the peer. Saves you the hassle of coming up with new addresses for every link. Same trick works for IPv4 too.
Regards,
Baldur
<SARCASM>
And it makes your trace-routes across parallel links oh so easy to identify which of them is at fault for the packet loss, too.
</SARCASM>
There are a ton of other technologies with the same problem. Do you never use link aggregation? My "parallel links" are all link aggregations, so I would not have a way to identify links by traceroute anyway.
Your design problems don’t have to be mine.
Just because you have created that problem through another mechanism doesn’t pose a reason anyone else should accept the same problem in a different circumstance.
There are a number of good technical reasons to want distinct addresses on point to point links.
I am sure there are. Tell me about them.
I gave you one. You decided to dismiss it on the basis of “it wouldn’t help me anyway because I use this other thing that is broken that way regardless.”
Some others (not a conclusive list by any means): Having public addresses in trace-routes, ideally with good reverse DNS is actually useful. Clarity is almost always an advantage over obscurity when one is troubleshooting something. Being able to ping the link address is useful for troubleshooting. Being able to source packets from a particular link address can be useful for troubleshooting.
I am not disputing that there are many reasons to sometimes use link addresses. My question is why do you do it by default?
So far we have heard two arguments:
1) You can ping the link address. I assume his equipment will down the address if the link is down. My equipment does not do this; I can ping it as long as it is administratively up, no matter the link status. So this test is useless to me. I am monitoring links by SNMP anyway.
I can’t help that your equipment is ill-behaved at best. Perhaps you should consider alternatives. I certainly don’t think that designing everyone else’s network to the level of brokenness in your particular environment is particularly valid.
2) Parallel links. I don't have many of those, and the ones I have are link aggregations. MPLS interferes with this too.
On the other hand not using link addresses has some advantages:
1) You don't need to assign and document them.
Sure you do, it’s just harder. You’re now using essentially an “unnumbered interface” which needs to be documented as such so that people know that when a given loopback shows up, it’s not a unique identifier, but ambiguous across several interfaces.
2) It is easy to think about: Router A talks to Router B on link AB. Every router has only one address so you don't need to remember which address to use.
I don’t have to remember which address to use normally. This is not an advantage. I can always use the loopback address to talk to a router if my environment is correctly functioning. If it is not, removing the ambiguity of unnumbered link addresses is more helpful than being able to use one address for each router while unable to know how traffic is actually flowing as a result.
3) You avoid having a lot of addresses configured on your router.
I don’t see this as an advantage. For a number of reasons (some of which I have expressed above) it is, in fact, a disadvantage.
4) You are immune to all the NDP attacks.
No you aren’t. You just change the nature of those attacks.
5) You are immune to the monthly NANOG debate about using /127 vs /126 vs /124 vs /64. The correct answer is clearly use /128 :-).
Except that it’s clearly an incorrect answer, IMHO.
Owen
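The /128-to-loopback design argued over in this thread, as an added example that is not from either poster's network: two Linux network namespaces act as routers, each with exactly one global address (on lo), joined by a link that carries only link-local addresses; the /128 static routes use the peer's link-local address as next hop, which is what an IPv6 IGP would install. Assumes root, iproute2, iputils, and the constructed 2001:db8::/32 documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread): routers rA and rB as Linux netns.
# Each router's only global address lives on lo; the p2p link between
# them has link-local addresses only. Needs root (CAP_NET_ADMIN).
set -eu

A_LO=2001:db8::1   # constructed documentation addresses
B_LO=2001:db8::2

cleanup() {
    ip netns del rA 2>/dev/null || true
    ip netns del rB 2>/dev/null || true
}

# Link-local address of interface $2 inside namespace $1. In a real
# network the IGP learns this as the next hop; here we read it by hand.
linklocal() {
    ip netns exec "$1" ip -6 -o addr show dev "$2" scope link \
        | awk '{print $4}' | cut -d/ -f1 | head -n1
}

setup_unnumbered_link() {
    cleanup
    ip netns add rA
    ip netns add rB
    ip link add vA type veth peer name vB
    ip link set vA netns rA
    ip link set vB netns rB
    ip netns exec rA ip link set lo up
    ip netns exec rB ip link set lo up
    ip netns exec rA ip link set vA up
    ip netns exec rB ip link set vB up
    # The routers' only global addresses: host routes on lo.
    ip netns exec rA ip -6 addr add "$A_LO/128" dev lo
    ip netns exec rB ip -6 addr add "$B_LO/128" dev lo
    sleep 2   # let the auto-configured link-locals finish DAD
    LL_A=$(linklocal rA vA)
    LL_B=$(linklocal rB vB)
    # One /128 route per peer, next hop = the peer's link-local address.
    ip netns exec rA ip -6 route add "$B_LO/128" via "$LL_B" dev vA
    ip netns exec rB ip -6 route add "$A_LO/128" via "$LL_A" dev vB
}

# Loopback-to-loopback reachability across a link with no global address.
ping_peer_loopback() {
    ip netns exec rA ping -6 -c 1 -W 2 -I "$A_LO" "$B_LO" >/dev/null
}

# The troubleshooting trade-off from the thread: the link itself carries
# no global address, so there is no link-specific address to ping.
link_has_no_global_addr() {
    [ -z "$(ip netns exec rA ip -6 -o addr show dev vA scope global)" ]
}
```

Run `setup_unnumbered_link && ping_peer_loopback` as root, then `cleanup` to remove the namespaces.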