That was the point. :) Scott
Matthew Petach wrote: > > > On Mon, Oct 12, 2009 at 8:32 PM, Scott Morris <s...@emanon.com > <mailto:s...@emanon.com>> wrote: > > How many addresses do you like on point-to-point circuits? > > Scott > > > I allocate a /64, but currently I configure only a /127 subnet on the > actual interface. That prevents the neighbor table explosion/NS/ND > traffic flooding challenges that can occur otherwise if you configure > the link as a /64, and some not-nice person decides to start ping > sweeping or nmapping the subnet; your router has to send out NS > messages for every address in the /64 being probed, update the > neighbor table with the incomplete entry, then flush it out when > no ND message is seen. On a point-to-point link between > routers you're never going to run stateless autoconfiguration, > so there's not much downside to configuring it as a /127. > > Still...just in case, I do allocate the whole /64 for the link, so > that if in the future it turns out that for some reason it really, > *really* does have to be a /64 configured on it, I can make the > change just by adjusting masks on each end, rather than > having to actually renumber the entire network. > > *shrug* As always, your mileage will vary, but this has > worked out well for me so far. > > Matt >
