On Tue, 12 Jul 2016 15:30:11 +0300, Nikolai Petrov said:
> Is there any way to limit the amount of devices in a subnet to avoid problems and attacks? I don't think the equipment will work with 2^64 devices in a single subnet.

Sure. Just don't connect that many devices to one subnet, just the same as you do in IPv4. No need to drop them all into one subnet. You got a /56, so you can make 256 /64s out of it. Carve it up whatever way your cabling says to do it. Maybe one subnet for your external router to all your in-building switches, then each switch has a subnet for one floor/office suite/whatever and 1 interface on your organization-wide fabric. Maybe something else - but in general you'll be using a subnet everyplace you'd use one in IPv4.

> So why are these addresses there? For installations not connected to the Internet?

Exactly. It's an attempt to avoid the current mess during corporate acquisitions where they find out that both companies used 10.16.12.0/24 for different things.

> Is there a reason you use DHCPv6 and SLAAC? Is it for compatibility?

My laptop works just fine at both home and work just using SLAAC - I hit both mostly to make sure that if I'm travelling and hit someplace where the routers don't do SLAAC, I'll still configure. And as I noted, I do it at least partially to stress-test for stuff like network logging tools, to make sure they don't fall over if they see an address that isn't either SLAAC or DHCPv6, and so on...

> Can I use the DHCPv4 to give out DNSv6 addresses?

No. You'll need to use either SLAAC or DHCPv6 for that.
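
Added example, not part of the original message: a sketch of the /56-to-/64 carve-up described above, plus the kind of address handling a logging tool needs so it does not fall over on interface identifiers that are neither EUI-64 SLAAC nor a tidy DHCPv6 pool value. The prefix `2001:db8:ab00::/56` (documentation space), the segment names and the label strings are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample: documentation prefix standing in for the site's /56.
SITE = ipaddress.ip_network("2001:db8:ab00::/56")
# Hypothetical segment names, one /64 each, in allocation order.
SEGMENTS = ["router-uplink", "floor-1", "floor-2", "org-fabric"]


def build_plan(site, names):
    """Assign the first len(names) /64s of the site prefix to the named segments."""
    if site.prefixlen > 64:
        raise ValueError("site prefix is longer than /64")
    subnets = site.subnets(new_prefix=64)  # a /56 yields 256 /64s
    plan = {}
    for name in names:
        try:
            plan[next(subnets)] = name
        except StopIteration:
            raise ValueError("more segments than /64s in the site prefix") from None
    return plan


def iid_kind(addr):
    """Label the low 64 bits (interface identifier) of an address."""
    iid = int(addr) & ((1 << 64) - 1)
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        return "eui64"  # ff:fe in the middle: MAC-derived SLAAC
    if iid < 0x10000:
        return "low-numbered"  # heuristic: often manual or a DHCPv6 pool
    return "opaque"  # randomized SLAAC, DHCPv6 or manual; cannot tell apart


def classify(plan, text):
    """Map an address string from a log line to (segment, iid_kind) without raising."""
    try:
        addr = ipaddress.IPv6Address(text.split("%")[0])  # drop any zone id
    except ValueError:
        return ("unparseable", None)
    net = ipaddress.IPv6Network((int(addr) >> 64 << 64, 64))
    return (plan.get(net, "outside-plan"), iid_kind(addr))


if __name__ == "__main__":
    plan = build_plan(SITE, SEGMENTS)
    # Constructed sample addresses, as they might appear in a log.
    for sample in ["2001:db8:ab00:1:211:22ff:fe33:4455", "2001:db8:ab00:2::10",
                   "2001:db8:ab00:ff::1", "fe80::1%eth0", "not-an-address"]:
        print(sample, classify(plan, sample))
```
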