[6bone] Is minimum allocation /64 now?

Jørgen Hovland jorgen@hovland.cx
Fri, 24 Oct 2003 15:54:40 +0100


> On Fri, 24 Oct 2003, Jesper Skriver wrote:
> > > 3ffe:ffff:ffff::f01:{1,2}/126
> >
> > But using a non /126 or /127 on a p2p link can result in a forwarding
> > loop, assume the 2 routers have :1 and :2, and someone sends traffic
> > to :3, if the netmask is larger than /126, the routers will do a longest
> > match lookup, will find the interface prefix, and send the packet on the
> > p2p interface - unless they have a specific check to drop these packets.
>
> This can only be _theoretically_ avoided by the use of a /127 or two
> /128's (or just leaving out the address altogether).  /126 is equally
> affected, as IPv6 does not have the broadcast address; /126 is not an
> equivalent to IPv4 /30.
>
> Whether the implementations check these things is another matter..
>

In some scenarios, we use /127 or /128 on p2p-links (the transport
layer/protocol is irrelevant) because we do not want other third parties to
communicate by grabbing an available IP, or we do not want the other second
party to be able to use more than 1 IP. This is a security concern we
consider important. Does this mean that we have to use IP-filters in the
future to set up p2p-links if the standard becomes /64?

Joergen Hovland ENK
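
The forwarding loop and the spare-address concern discussed in this thread, as an added example that is not part of the original message. It is a simplified model: two routers on a p2p link, each with a local /128 route for its own address and a connected route for the link prefix, and no neighbor resolution on the link. The function names and the drop_unassigned switch are hypothetical; the addresses are the ones quoted in the thread.

```python
import ipaddress

def spare_addresses(prefix, routers):
    """Addresses inside the link prefix that neither router owns."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    return net.num_addresses - len(routers)

def forward(dest, prefix, routers, hop_limit=64, drop_unassigned=False):
    """Follow a packet that arrives at routers[0].

    Returns (outcome, link_crossings). drop_unassigned models the
    "specific check to drop these packets" mentioned in the thread.
    """
    dest = ipaddress.IPv6Address(dest)
    net = ipaddress.IPv6Network(prefix, strict=False)
    addrs = [ipaddress.IPv6Address(a) for a in routers]
    at, crossings = 0, 0
    while True:
        if dest == addrs[at]:          # local /128 is the longest match
            return ("delivered", crossings)
        if dest not in net:            # some other route would be used
            return ("not-on-link", crossings)
        if drop_unassigned and dest != addrs[1 - at]:
            return ("dropped", crossings)
        # The connected route matches, so the packet goes out the p2p
        # interface. The router decrements the hop limit first.
        hop_limit -= 1
        if hop_limit <= 0:
            return ("hop-limit-exceeded", crossings)
        crossings += 1
        at = 1 - at                    # the peer now holds the packet

if __name__ == "__main__":
    link = "3ffe:ffff:ffff::f01:1/126"
    routers = ["3ffe:ffff:ffff::f01:1", "3ffe:ffff:ffff::f01:2"]
    print(spare_addresses(link, routers))
    print(forward("3ffe:ffff:ffff::f01:2", link, routers))
    print(forward("3ffe:ffff:ffff::f01:3", link, routers))
    print(forward("3ffe:ffff:ffff::f01:3", link, routers,
                  drop_unassigned=True))
```
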