On Tue, 4 May 2021 at 18:28, Adam Thompson <athomp...@merlin.mb.ca> wrote:
> I don't believe APIPA and Link-Local are precisely equivalent, but I agree
> it's the closest thing IPv4 has. IS-IS/IPv4 would

Agreed, APIPA is using link-local, but they're not the same. APIPA is an application or process which needs the use of link-local addresses.

> presumably use APIPA addresses if nothing else were assigned to the
> interface, based on my reading of the RFC. I'm unsure what the RFC authors
> think should happen in a HELLO packet when the interface has multiple IPv4
> addresses, but none of that is my problem here.

I doubt that it is implemented in such a way, but would be cute.

> I don't like LLAs because they are - intrinsically - meaningless. In the
> context of my L3 core, I know that for any subnet, .1/::1 is such-and-such a
> router, .2/::2 is that one, .3/::3, is the other one, etc., etc. (Yes, I
> have a very small & topologically simple L3 core. Let's not talk about L2!)
> When I look at my IPv4 routing table, I know which next-hop is which just by
> looking at it, and I can spot anomalies very easily.
>
> When I look at my IPv6 routing table, the next-hops are all... well...
> gibberish, at least to me. My experience is that LLAs are not durable, so
> memorizing them is not IMHO a useful task. Figuring out an (IS-IS) IPv6
> route currently involves a couple of extra steps to locate the LLA's
> interface route, find the MAC address of that LLA on that link, and then
> identify the router from its MAC address.
>
> Am I missing something obvious?

I don't think you are, I read like an opinion piece so it's inherently not right or wrong. I don't have the same experience and I consider forcing LLA a blessing in limiting attack vectors and I personally don't see downsides as all addresses are gibberish to me, as my working memory contains very few digits.

I wish ND had mandated LLA too, so many customer tickets due to poorly configured filters due to misunderstanding how ND works.

--
++ytti