On Wed, Nov 30, 2011 at 9:15 PM, Mike Jones <mike@mikejones.in> wrote:
> Link-Local?
> For "true" P-t-P links I guess you don't need any addresses on the
Point-to-point links in your backbone are by far the easiest thing to defend against this attack. I wish we would steer the discussion away from point-to-point links that are entirely within the control of the operator, as this is really quite well understood.

Major ISPs including Level3 are already doing /126 to their customers today as well. In fact, Level3 does not even reserve a /64; they will hand out ::0/126 to one customer on a given access router, ::4/126 to the next. It clearly works.

The access layer for non point-to-point customers, on the other hand, is less well-understood. That's why we keep having these discussions.

Getting customers (and their device/software) to work correctly with link-local addressing and DHCP-PD or similar is going to be an uphill battle in a hosting environment. It also breaks down immediately if the hosting customer, for example, wishes to use ND to be able to provision addresses on two or more servers from a common subnet. So there are both perception and practical problems / limitations with this approach.

I'm not saying it's a bad idea, but it won't work in some instances.

-- 
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator / Innovative Network Concepts