TJ wrote: [..]
A great counter-point to this is that if you do use /64s (or for that matter - anything shorter than the currently-not-recommended /127s, AFAIK), you should apply ACLs to them to prevent ping-pong.
One should be doing uRPF at minimum on all links anyway. BCP84 ;)

If the user (or whatever you call the place where you send packets to) has a default route back and is not properly routing, those packets can come back quite quickly. E.g., route a /48 to the user. The user only uses the first /64, and doesn't care about the rest and doesn't route them to lo0 to avoid the default to match, the packets will nicely ping pong back to you.

Easy solution: source address check, then the source will not be matching and you can drop the packet, or ICMP !A them so that the user might once figure out what goes on.

Of course if user is sending packets with their source and their destination you will need another kind of filter, but they will only hurt themselves with it.

Greets,
Jeroen
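The loop described in this message, as a small simulation added here for illustration (not part of the original post). The prefixes, interface names and routing tables are constructed, and `link_crossings` is a hypothetical helper that counts how often one packet crosses the ISP-to-customer link, with and without a strict source address check on the ISP's customer-facing interface.

```python
import ipaddress

N = ipaddress.ip_network
# Constructed routing tables (documentation prefix 2001:db8::/32).
ISP = [(N("2001:db8:1::/48"), "customer"), (N("::/0"), "upstream")]
CUSTOMER = [(N("2001:db8:1::/64"), "lan"), (N("::/0"), "isp")]
# Same customer, but with the whole /48 also routed to a discard interface.
CUSTOMER_DISCARD = CUSTOMER + [(N("2001:db8:1::/48"), "discard")]

def lookup(table, addr):
    """Longest-prefix match; returns the outgoing interface name."""
    addr = ipaddress.ip_address(addr)
    matches = [(net, out) for net, out in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def link_crossings(src, dst, customer_table, urpf=False, at="isp", hop_limit=64):
    """Count how often one packet crosses the ISP<->customer link.

    `at` is the router currently holding the packet. A router that
    receives the packet with hop limit 1 drops it instead of forwarding.
    """
    crossings = 0
    while hop_limit > 1:
        table = ISP if at == "isp" else customer_table
        out = lookup(table, dst)
        if (at, out) not in (("isp", "customer"), ("customer", "isp")):
            break  # delivered to the LAN, discarded, or sent upstream
        hop_limit -= 1
        crossings += 1
        at = out
        # Strict uRPF on the ISP's customer-facing interface: accept the
        # packet only if the route back to its source uses that interface.
        if at == "isp" and urpf and lookup(ISP, src) != "customer":
            break
    return crossings

if __name__ == "__main__":
    outside, unused = "2001:db8:ffff::1", "2001:db8:1:5::1"
    print("no filter:      ", link_crossings(outside, unused, CUSTOMER))
    print("strict uRPF:    ", link_crossings(outside, unused, CUSTOMER, urpf=True))
    print("customer discard:", link_crossings(outside, unused, CUSTOMER_DISCARD))
```

With the customer's own source address and `at="customer"`, the uRPF check passes and the packet still loops until its hop limit runs out, which is the case the last paragraph of the message says needs another kind of filter.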