Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Using /126 for IPv6 router links

  • From: Pekka Savola
  • Date: Wed Jan 27 00:48:09 2010 
On Tue, 26 Jan 2010, Igor Gashinsky wrote:

Matt meant "reserve/assign a /64 for each PtP link, but only configure the
first */127* of the link", as that's the only way to fully mitigate the
scanning-type attacks (with a /126, there is still the possibility of
ping-pong on a p-t-p interface) w/o using extensive ACLs..

Anyways, that's what worked for us, and, as always, YMMV...
That's still relying on the fact that your vendor won't implement subnet-router anycast address and turn it on by default. That would mess up the first address of the link. But I suppose those would be pretty big ifs.

--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.