On Mar 11, 2011, at 10:51 AM, George Bonser wrote:

> If you are a content provider, it doesn't make any difference if they take down the links between your routers or if they take down the link that your content farm is on.

Of course, it does - you may have many content farms/instances, and taking down point-to-point links can DoS your entire set of farms/instances, whereas an attack against a given endpoint access network doesn't necessarily mean that your other properties/networks/services are being attacked, as well. Limiting this vector to endpoint access networks also makes mitigation mechanisms far more practicable.

There is no good reason to use /64s on point-to-point links. It is wasteful (please, no more about the supposed infinitude of IPv6 addresses; some of us reject this as being shortsighted and insufficiently visionary concerning eventual one-time-uses of IPv6 addresses at nanoscale) and turns your routers into sinkholes.

It is a Very Bad Idea.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde