On 1/17/17 1:55 PM, William Herrin wrote:
On Tue, Jan 17, 2017 at 4:07 PM, Matthew Huff <mhuff@ox.com> wrote:
The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors.
if you mean allocating a /127, then... sure. Neighbor discovery on point to point links could be a problem as is the poential for looping behavior . There are of course ways other than allocating a longer prefix to a point to point link to achieve that, e.g. disabling it. among other things You have to disable DAD anyway if you ever plan to loop them up for testing. these are detailed in https://tools.ietf.org/html/rfc6164
Hi Matthew,
I'm always interested in learning something new. Please explain the DOS vectors you're referring to and how they're mitigated by allocating a /64 to the point to point link.
Just do it. No. But if you offer a good reason, I'll factor your reason in to my considerations.
Regards, Bill Herrin