On Thu, Oct 9, 2014 at 10:40 AM, William Herrin <bill@herrin.us> wrote:
On Thu, Oct 9, 2014 at 12:29 PM, Richard Hicks <richard.hicks@gmail.com> wrote:
Sixty replies and no one linked to the BCOP? Is there a reason we are ignoring it?
Hi Richard,
It's dated (a *lot* about IPv6 has changed since 2011) and we've learned enough to know some of the things in there are dubious. For example:
"Regardless of the number of hosts on an individual LAN or WAN segment, every multi-access network (non-point-to-point) requires at least one /64 prefix."
But using /64s on WAN links invites needless problems with neighbor discovery when an attacker decides to send one ping each to half a million addresses all of which happen to land on that WAN link. WAN links should really use something whose size is much closer to the number of routers on the link, in the same order of magnitude anyway. So /64s for LANs, sure, but size the WAN links small to make them less vulnerable to attack.
The BCOP specifically addresses this in 4b: "b. Point-to-point links should be allocated a /64 and configured with a /126 or /127"
And:
"Only subnet on nibble boundaries" is not reasonable. When I need two LANs in a building I should burn 14 more to get to a nibble boundary? Really?
"Only delegate on nibble boundaries" is a more reasonable statement. When you assign addresses to your customer or to a different internal team's control, THAT should be on a nibble boundary for the customer's convenience understanding the written-down version of what network is theirs and for your convenience when it comes time to delegate reverse DNS.
Inside your network under control of the same engineers, subnet and route just as you would with IPv4.
Regards, Bill Herrin
--
William Herrin ................ herrin@dirtside.com  bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
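The two points argued above (size point-to-point links to /126 or /127 inside a reserved /64 so the neighbor-discovery cache cannot be filled by scanning the link, and delegate to customers or other teams on nibble boundaries) are easy to turn into an address-plan check. The script below is an added example written for this thread, not something from the BCOP or from either poster; the link records, the 2001:db8::/32 documentation prefixes and the `Link` structure are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Link:
    """One link from a (constructed) address plan."""
    name: str
    kind: str        # "p2p" for router-to-router links, "lan" for multi-access segments
    allocated: str   # prefix reserved for the link in the plan
    configured: str  # prefix actually configured on the interfaces


def audit_link(link: Link) -> list[str]:
    """Return a list of findings for one link; an empty list means it follows the plan."""
    findings = []
    alloc = ipaddress.IPv6Network(link.allocated, strict=False)
    conf = ipaddress.IPv6Network(link.configured, strict=False)

    if not conf.subnet_of(alloc):
        findings.append(f"{link.name}: configured {conf} lies outside allocation {alloc}")

    if link.kind == "p2p":
        # Reserve a /64 per link (keeps the plan uniform and leaves room to change later) ...
        if alloc.prefixlen != 64:
            findings.append(f"{link.name}: point-to-point link should be allocated a /64, got /{alloc.prefixlen}")
        # ... but configure only as many addresses as there are routers on the wire.
        # Anything shorter than /126 gives a remote scanner a large pool of
        # never-used addresses on the link, each of which costs the router an
        # ND cache entry and a solicitation.
        if conf.prefixlen < 126:
            findings.append(
                f"{link.name}: /{conf.prefixlen} on a point-to-point link exposes "
                f"{conf.num_addresses} addresses to ND cache exhaustion; configure /126 or /127"
            )
    else:
        # Multi-access segments need a /64 so SLAAC keeps working.
        if conf.prefixlen != 64:
            findings.append(f"{link.name}: LAN segment should be a /64, got /{conf.prefixlen}")
    return findings


def on_nibble_boundary(prefix: str) -> bool:
    """True if a delegated prefix ends on a hex-digit boundary (clean written form, clean reverse DNS)."""
    return ipaddress.IPv6Network(prefix, strict=False).prefixlen % 4 == 0


# Constructed sample plan: one compliant p2p link, one legacy /64 WAN link,
# one LAN, and one link whose configured prefix was taken from the wrong block.
LINKS = [
    Link("core1-edge1", "p2p", "2001:db8:0:1::/64", "2001:db8:0:1::/127"),
    Link("legacy-wan", "p2p", "2001:db8:0:2::/64", "2001:db8:0:2::/64"),
    Link("office-lan", "lan", "2001:db8:0:3::/64", "2001:db8:0:3::/64"),
    Link("mislabeled", "p2p", "2001:db8:0:4::/64", "2001:db8:0:5::/127"),
]

# Constructed delegations: a customer /48 (fine) and an internal /50 (awkward to write and to delegate in ip6.arpa).
DELEGATIONS = ["2001:db8:100::/48", "2001:db8:200::/50"]


def run_audit(links=LINKS, delegations=DELEGATIONS) -> list[str]:
    """Audit every link and delegation, returning all findings in order."""
    report = []
    for link in links:
        report.extend(audit_link(link))
    for d in delegations:
        if not on_nibble_boundary(d):
            report.append(f"delegation {d} is not on a nibble boundary")
    return report


if __name__ == "__main__":
    for line in run_audit():
        print(line)
```

Internal subnets between links owned by the same team are deliberately not checked for nibble alignment, matching the distinction drawn in the thread between subnetting and delegating.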