On Mon, Oct 12, 2009 at 8:32 PM, Scott Morris <s...@emanon.com> wrote:

> How many addresses do you like on point-to-point circuits?
> Scott

I allocate a /64, but currently I configure only a /127 subnet on the
actual interface.  That prevents the neighbor table explosion/NS/ND
traffic flooding challenges that can occur otherwise if you configure
the link as a /64, and some not-nice person decides to start ping
sweeping or nmapping the subnet; your router has to send out NS
messages for every address in the /64 being probed, update the
neighbor table with the incomplete entry, then flush it out when
no ND message is seen.  On a point-to-point link between
routers you're never going to run stateless autoconfiguration,
so there's not much downside to configuring it as a /127.

Still...just in case, I do allocate the whole /64 for the link, so
that if in the future it turns out that for some reason it really,
*really* does have to be a /64 configured on it, I can make the
change just by adjusting masks on each end, rather than
having to actually renumber the entire network.

*shrug*  As always, your mileage will vary, but this has
worked out well for me so far.
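
The scheme described in this message, as an added Python example that is not part of the original post: it reserves a /64 per link, configures one /127 inside it, shows that widening to /64 later keeps the same addresses, and audits an inventory for link ends configured wider than /127. The function names, the constructed inventory, the 2001:db8::/32 documentation prefix and the choice of the ::2/::3 pair are assumptions made for the example.

```python
import ipaddress

def plan_link(allocation, index=1):
    """Reserve a /64 for a point-to-point link; configure only one /127 of it.
    index=1 picks ::2/::3, leaving ::0 (the subnet-router anycast address
    once the mask is /64) unused in case the link is ever widened."""
    block = ipaddress.ip_network(allocation)
    if block.version != 6 or block.prefixlen != 64:
        raise ValueError(f"{allocation}: expected an IPv6 /64")
    low = block.network_address + 2 * index
    return {"reserved": block,
            "a": ipaddress.ip_interface(f"{low}/127"),
            "b": ipaddress.ip_interface(f"{low + 1}/127")}

def widen(iface, new_prefix=64):
    """The fallback from the post: same address, only the mask changes."""
    return ipaddress.ip_interface(f"{iface.ip}/{new_prefix}")

def unowned_on_link(iface, routers=2):
    """On-link addresses that no router owns. Each one probed costs an NS
    and an incomplete neighbor entry until resolution gives up."""
    return iface.network.num_addresses - routers

def audit(inventory):
    """List (link, end, prefix, unowned) for ends configured wider than /127."""
    findings = []
    for link, ends in inventory.items():
        for end, text in ends.items():
            iface = ipaddress.ip_interface(text)
            if iface.version == 6 and iface.network.prefixlen < 127:
                findings.append((link, end, str(iface.network),
                                 unowned_on_link(iface)))
    return findings

# Constructed inventory (2001:db8::/32 is the documentation prefix).
INVENTORY = {
    "core1-core2": {"core1": "2001:db8:0:1::2/127", "core2": "2001:db8:0:1::3/127"},
    "core1-edge1": {"core1": "2001:db8:0:2::2/64", "edge1": "2001:db8:0:2::3/64"},
}

if __name__ == "__main__":
    link = plan_link("2001:db8:0:3::/64")
    print("configure:", link["a"], "and", link["b"], "inside", link["reserved"])
    print("if widened:", widen(link["a"]), "and", widen(link["b"]))
    for finding in audit(INVENTORY):
        print("wider than /127:", *finding)
```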

