I think you mean /127 since a /128 would not support 2 points on the point to point.

Owen

On Jan 17, 2017, at 13:07, Matthew Huff <mhuff@ox.com> wrote:
The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors. Just do it. The numbers in IPv6 are staggering. The generally accepted best practice is to allocate a /64 and use a /128 within that /64 for point to point links.
----
Matthew Huff | 1 Manhattanville Rd
Director of Operations | Purchase, NY 10577
OTA Management LLC | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-694-5669

-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of William Herrin
Sent: Tuesday, January 17, 2017 4:02 PM
To: Michael Still <stillwaxin@gmail.com>
Cc: nanog@nanog.org
Subject: Re: Questions on IPv6 deployment
On Tue, Jan 17, 2017 at 12:48 PM, Michael Still <stillwaxin@gmail.com> wrote:
That's overall good advice. I quibble with a couple of points:
1. If you plan to use a /126 on a point to point and can't imagine how you would use a /64 on that point to point, don't allocate a /64. Odds are that by the time you can imagine some way to use a /64 there, the details will require you to assign a new block anyway.
Why be concerned about resource consumption? Because it's a good habit. Don't overdo it, IPv6 is not resource constrained the way IPv4 is, but shrewd use of available resources is a good habit even when resources are plentiful.
2. Make all your point to points /124. That will work for all your point to points. Serial or ethernet. Even the ethernets which have two high-availability routers on both ends along with the failover address needing a total of 6 IPs plus 1 for your troubleshooting laptop. Configuring /124 every time allows you to standardize your configuration, the same way /64 standardizes the netmask on a LAN deployment.
One additional point not brought up:
Minimum assignment to a customer: /60. Never ever /64 or /128. How much more than a /60 you choose as your minimum is up to you. Common choices are /56 and /48. But never, ever less than a /60. Your customer will want to deploy a /64 to each LAN. And there are so many cases where he'll want to deploy more than one LAN.
I've noticed a lot of hosting providers getting this wrong. Some of your customers do create VPNs on their VPC you know.
Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
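
The addressing choices discussed in this thread, worked through as an added example that is not from any of the posters: it reserves a /64 per point-to-point link, configures only a longer prefix inside it (/127 or /124), and checks customer assignments against the /60 minimum. The function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress
from itertools import islice

# Constructed sample block from the IPv6 documentation range (2001:db8::/32).
PARENT = "2001:db8::/48"

def plan_p2p_links(parent, count, link_prefixlen=127):
    """Reserve one /64 per point-to-point link and configure only the first
    /link_prefixlen inside it (hypothetical helper, not from the thread).
    Returns a list of (reserved_/64, configured_prefix, addresses_on_link)."""
    block = ipaddress.ip_network(parent)
    if block.version != 6 or block.prefixlen > 64:
        raise ValueError("parent must be an IPv6 block of /64 or shorter")
    if not 64 <= link_prefixlen <= 127:
        # A /128 holds a single address, so it cannot number both ends.
        raise ValueError("a link needs two addresses: use /64 through /127")
    plan = []
    for reserved in islice(block.subnets(new_prefix=64), count):
        configured = next(reserved.subnets(new_prefix=link_prefixlen))
        plan.append((reserved, configured, configured.num_addresses))
    if len(plan) < count:
        raise ValueError("parent block too small for that many links")
    return plan

def check_delegation(prefix, minimum=60):
    """Return (meets_minimum, number_of_/64_LANs) for a customer assignment."""
    net = ipaddress.ip_network(prefix)
    lans = 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0
    return net.prefixlen <= minimum, lans

if __name__ == "__main__":
    for plen in (127, 124):
        for reserved, configured, size in plan_p2p_links(PARENT, 2, plen):
            print(f"reserve {reserved}  configure {configured}  ({size} addresses)")
    # Constructed customer assignments to compare against the /60 minimum.
    for cust in ("2001:db8:100::/56", "2001:db8:200::/60", "2001:db8:300::/64"):
        ok, lans = check_delegation(cust)
        print(f"{cust}: {'ok' if ok else 'too small'}, {lans} x /64 LANs")
```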