On Tue, 4 May 2021 at 18:28, Adam Thompson <athompson@merlin.mb.ca> wrote:
> I don't believe APIPA and Link-Local are precisely equivalent, but I agree it's the closest thing IPv4 has. IS-IS/IPv4 would
Agreed, APIPA is using link-local, but they're not the same. APIPA is an application or process which needs the use of link-local addresses.
> presumably use APIPA addresses if nothing else were assigned to the interface, based on my reading of the RFC. I'm unsure what the RFC authors think should happen in a HELLO packet when the interface has multiple IPv4 addresses, but none of that is my problem here.
I doubt that it is implemented in such a way, but it would be cute.
> I don't like LLAs because they are - intrinsically - meaningless. In the context of my L3 core, I know that for any subnet, .1/::1 is such-and-such a router, .2/::2 is that one, .3/::3 is the other one, etc., etc. (Yes, I have a very small & topologically simple L3 core. Let's not talk about L2!) When I look at my IPv4 routing table, I know which next-hop is which just by looking at it, and I can spot anomalies very easily.
> When I look at my IPv6 routing table, the next-hops are all... well... gibberish, at least to me. My experience is that LLAs are not durable, so memorizing them is not IMHO a useful task. Figuring out an (IS-IS) IPv6 route currently involves a couple of extra steps to locate the LLA's interface route, find the MAC address of that LLA on that link, and then identify the router from its MAC address.
> Am I missing something obvious?
I don't think you are; it reads like an opinion piece, so it's inherently not right or wrong. I don't have the same experience and I consider forcing LLA a blessing in limiting attack vectors, and I personally don't see downsides, as all addresses are gibberish to me, as my working memory contains very few digits. I wish ND had mandated LLA too; so many customer tickets due to poorly configured filters due to misunderstanding how ND works.
--
++ytti
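The "couple of extra steps" Adam describes (LLA next-hop, then the neighbor cache for its MAC, then the MAC to a router name) are mechanical enough to script, which is how an operator usually makes an IPv6 routing table readable again. The following is an added example, not code from either poster: the routes, neighbor cache and MAC inventory are constructed sample data, the router names are hypothetical, and the `annotate_routes` / `mac_from_eui64` helpers are my own. When the neighbor cache has no entry, it falls back to extracting the MAC from a modified-EUI-64 interface identifier, which only works for LLAs built that way; randomized IIDs stay unresolved rather than being guessed.

```python
import ipaddress

# Constructed sample routing table: (prefix, next-hop, outgoing interface),
# with link-local next-hops as IS-IS would install them.
SAMPLE_ROUTES = [
    ("2001:db8:10::/48", "fe80::1", "eth0"),                      # manually numbered LLA
    ("2001:db8:20::/48", "fe80::20c:29ff:fe3a:1b2c", "eth1"),     # EUI-64 derived LLA
    ("2001:db8:30::/48", "fe80::9d3e:4f1a:2b7c:8e01", "eth1"),    # randomized IID
    ("2001:db8:40::/48", "2001:db8:ffff::2", "eth2"),             # global next-hop
]

# Constructed neighbor cache, (interface, LLA) -> MAC, as 'ip -6 neigh' would list.
# Note the eth1 EUI-64 neighbor is deliberately missing to exercise the fallback.
SAMPLE_NEIGHBORS = {
    ("eth0", "fe80::1"): "00:0c:29:aa:bb:01",
}

# Constructed inventory of known router MACs (hypothetical names).
SAMPLE_INVENTORY = {
    "00:0c:29:aa:bb:01": "core-rtr-1",
    "00:0c:29:3a:1b:2c": "core-rtr-2",
}


def mac_from_eui64(lla):
    """Return the MAC embedded in a modified-EUI-64 link-local address, or None
    when the interface identifier does not carry the ff:fe marker (so the
    address was numbered by hand or built from a random IID)."""
    iid = ipaddress.IPv6Address(lla).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02  # undo the universal/local bit flip
    octets = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)


def resolve_next_hop(lla, ifname, neighbors, inventory):
    """Map one link-local next-hop on an interface to (mac, router, source).
    The ND cache is preferred; EUI-64 derivation is only a hint when the cache
    has no entry, since it says nothing about who actually answered on the link."""
    mac = neighbors.get((ifname, lla))
    source = "nd-cache"
    if mac is None:
        mac = mac_from_eui64(lla)
        source = "eui-64"
    if mac is None:
        return None, None, "unresolved"
    return mac, inventory.get(mac), source


def annotate_routes(routes, neighbors, inventory):
    """Return one dict per route with the next-hop resolved where possible."""
    rows = []
    for prefix, nh, ifname in routes:
        row = {"prefix": prefix, "next_hop": nh, "iface": ifname,
               "mac": None, "router": None, "source": "global"}
        if ipaddress.IPv6Address(nh).is_link_local:
            row["mac"], row["router"], row["source"] = resolve_next_hop(
                nh, ifname, neighbors, inventory)
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in annotate_routes(SAMPLE_ROUTES, SAMPLE_NEIGHBORS, SAMPLE_INVENTORY):
        print(f"{r['prefix']:<18} via {r['next_hop']:<28} {r['iface']:<5} "
              f"{r['mac'] or '-':<17} {r['router'] or 'UNKNOWN':<12} ({r['source']})")
```

Rows that come back `UNKNOWN` are the anomalies worth looking at: an LLA with no neighbor entry and no recoverable MAC, or a MAC that is not in the inventory, is exactly the kind of next-hop that the IPv4 "I know .3 is that router" habit would have caught by eye.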