[lacnog] [afnog] IPv6 Point to Point at /64?

Fernando Gont fgont at si6networks.com
Wed Jun 6 21:01:22 BRT 2012


Hi, Arturo,

On 06/06/2012 07:11 PM, Arturo Servin wrote:
> Sorry, we agree to disagree. I do not buy the waste of IPv6 addresses
> argument. 

Well, it *is* a waste of addresses if you have 2^64 addresses
available, but you already know (from the start) that you'll only use at
most a handful of them.


> If it were, we should start reviewing SLAAC.

We probably should. :-) For instance, traditional SLAAC (embedding the
MAC address) is a bad idea.... And mechanisms such as
draft-ietf-6man-stable-privacy-addresses or RFC 4941 could be easily
adapted to non-/64 prefixes (although the larger the subnet space, the
higher the resulting "unpredictability").



> The real problem with /64 IMHO is security; 

The security problems with /64s do not really have to do with the /64s
themselves, but rather with buggy Neighbor Discovery implementations
that are dumb enough to not enforce limits on the number of entries in
the Neighbor Cache, and that fail to implement appropriate garbage
collection for the Neighbor Cache.

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
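
Added example (not part of the message above and not code from the draft): a Python sketch of a stable, opaque host identifier in the style of draft-ietf-6man-stable-privacy-addresses, generalized to any prefix length, showing how the unpredictability shrinks with the host space. The HMAC-SHA256 PRF, the field encoding, the function names and the 2001:db8:: sample prefixes are assumptions of this sketch.

```python
import hashlib
import hmac
import ipaddress


def _prf(secret, fields):
    # Length-prefix every field so adjacent fields cannot be confused.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:16], "big")


def stable_address(prefix, iface, secret, network_id=b"", dad_counter=0):
    """Stable, opaque address inside `prefix`; works for any length below /128."""
    net = ipaddress.IPv6Network(prefix)
    host_bits = 128 - net.prefixlen
    if host_bits == 0:
        raise ValueError("a /128 has no host bits to fill")
    mask = (1 << host_bits) - 1
    while True:
        fields = [net.network_address.packed, bytes([net.prefixlen]),
                  iface.encode(), network_id, dad_counter.to_bytes(4, "big")]
        host = _prf(secret, fields) & mask
        # All-zero host part is the subnet-router anycast address: skip it
        # (a /127 has only two addresses, so it is allowed there).
        if host != 0 or host_bits == 1:
            return ipaddress.IPv6Address(int(net.network_address) | host)
        dad_counter += 1  # same knob a DAD collision would turn


def unpredictability_bits(prefix):
    """Upper bound on the entropy of the host part for this prefix length."""
    return 128 - ipaddress.IPv6Network(prefix).prefixlen


if __name__ == "__main__":
    key = b"constructed-demo-secret"  # assumption: per-host secret, kept private
    for p in ("2001:db8:0:1::/64", "2001:db8:0:1::/112", "2001:db8:0:1::/126"):
        print(p, stable_address(p, "eth0", key), unpredictability_bits(p), "bits")
```

The address stays the same for a given prefix, interface and secret, changes when the prefix changes, and never exposes the MAC address; on a /112 an observer has at most 16 bits to guess instead of 64.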






More information about the LACNOG mailing list