10 Sep 2017, 6:56 a.m.
On 2017-09-10 00:09, Baldur Norddahl wrote:
> You want to configure point to point interfaces as /127 or /126 even if you allocate a full /64 for the link. This prevents an NDP exhaustion attack with no downside.

An alternative is to just have link-local addresses on your point-to-point links. At least on your internal links where you run your IGP. On external links, where you run eBGP or static routes, it's probably more trouble than it is worth, though, since link-local addresses can change if you replace the hardware, requiring a config change on the other end. (Also, I'm not sure all BGP implementations support using link-local addresses.)

/Bellman
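
Added example, not part of the original thread: a Python audit over a constructed link inventory that flags point-to-point links whose on-link prefix is wider than /126, and external links whose link-local address looks hardware-derived. The inventory layout, link names, status labels, and the EUI-64 heuristic are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory using the 2001:db8::/32 documentation prefix.
# The dict layout and link names are hypothetical, not from the thread.
LINKS = [
    {"name": "core1-core2", "kind": "internal", "addr": "2001:db8:0:1::/127"},
    {"name": "core1-core3", "kind": "internal", "addr": "2001:db8:0:2::1/64"},
    {"name": "core2-core3", "kind": "internal", "addr": "fe80::1/64"},
    {"name": "transit-a", "kind": "external", "addr": "fe80::211:22ff:fe33:4455/64"},
    {"name": "transit-b", "kind": "external", "addr": "2001:db8:0:3::2/126"},
]


def looks_eui64(ip):
    # Heuristic (assumption): an EUI-64 interface ID carries ff:fe in its
    # middle two bytes, i.e. it was derived from the port's MAC address.
    return ip.packed[11:13] == b"\xff\xfe"


def audit(link):
    """Return (status, detail) for one point-to-point link."""
    iface = ipaddress.ip_interface(link["addr"])
    if iface.version != 6:
        raise ValueError("IPv6 only: " + link["addr"])
    if iface.ip.is_link_local:
        if link["kind"] == "external" and looks_eui64(iface.ip):
            return ("review", "link-local looks MAC-derived; "
                    "peer config must change if the hardware is replaced")
        return ("ok", "link-local only: not reachable from off-link sources")
    plen = iface.network.prefixlen
    # Addresses in the on-link prefix beyond the two link ends (assumed to be
    # configured). Each one can cost a neighbor-cache entry while unresolved.
    spare = max(0, iface.network.num_addresses - 2)
    detail = f"/{plen}: {spare} unconfigured on-link addresses"
    return ("ok" if plen >= 126 else "nd-exposure", detail)


def audit_all(links):
    """Map link name -> status for the whole inventory."""
    return {link["name"]: audit(link)[0] for link in links}


if __name__ == "__main__":
    for link in LINKS:
        status, detail = audit(link)
        print(f"{link['name']:12} {status:12} {detail}")
```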