> From: Mathias Seiler [mailto:mathias.sei...@mironet.ch]
> Subject: Re: Using /126 for IPv6 router links
>
> Ok let's summarize:
>
> /64:
> + Sticks to the way IPv6 was designed (64 bits host part)
> + Probability of renumbering very low
> + simpler for ACLs and the like
> + rDNS on a bit boundary
>
> <> You can give your peers funny names, like 2001:db8::dead:beef ;)
>
> - Prone to attacks (scans, router CPU load)
> - "Waste" of addresses
> - Peer address needs to be known, impossible to guess with 2^64 addresses
>
>
> /126
> + Only 4 addresses possible (memorable, not so error-prone at configuration-time and while debugging)
> + Not prone to scan-like attacks
>
> - Not on a bit boundary, so more complicated for ACLs and ...
> - ... rDNS
> - Perhaps need to renumber into /64 some time.
> - No 64 bits for hosts

You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for each PtP link, but only configure the first /126 (or whatever /126 you need to get an amusing peer address) on the link.

+ Sticks to the way IPv6 was designed (64 bits host part- even if it isn't all configured)
+ Probability of renumbering very low
+ simpler for ACLs and the like
+ rDNS on a bit boundary
+ Only 4 addresses possible (memorable, not so error-prone at configuration-time and while debugging)
+ Not prone to scan-like attacks
+ Easy to renumber into a /64 if you need to

- "Waste" of addresses

Seems to be a fairly good compromise, unless there's something I missed.

~Matt
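
The compromise described in this reply, as an added example that is not part of the original thread: it reserves a /64 per point-to-point link, derives the /126 that is actually configured, and shows which objects (ACL prefix, rDNS zone) follow the /64 and which follow the /126. The function names `plan_ptp_link` and `classify` are hypothetical, and the pool used in the sample call is a constructed documentation prefix.

```python
import ipaddress

def plan_ptp_link(pool, index):
    """Reserve the index-th /64 of pool; configure only its first /126.

    Hypothetical helper: 'pool' is any IPv6 prefix of /64 or shorter.
    """
    pool = ipaddress.IPv6Network(pool)
    if pool.prefixlen > 64 or not 0 <= index < 2 ** (64 - pool.prefixlen):
        raise ValueError("pool has no /64 number %d" % index)
    # The low 64 bits are the host part, so /64 number N starts N << 64
    # above the pool's base address.
    base = int(pool.network_address) + (index << 64)
    reserved = ipaddress.IPv6Network((base, 64))
    configured = ipaddress.IPv6Network((base, 126))
    # A /64 ends on a nibble boundary, so its reverse zone is simply the
    # last 16 nibble labels of any address in it, followed by ip6.arpa.
    labels = reserved.network_address.reverse_pointer.split(".")
    return {
        "reserved": reserved,        # ACLs and rDNS delegation use this
        "configured": configured,    # only these 4 addresses are on-link
        "side_a": configured.network_address + 1,
        "side_b": configured.network_address + 2,
        "rdns_zone": ".".join(labels[16:]),
    }

def classify(plan, addr):
    """Say where a destination falls relative to one link's plan.

    Anything in the reserved /64 but outside the configured /126 has no
    on-link subnet, which is what keeps scans from hitting the link itself.
    """
    addr = ipaddress.IPv6Address(addr)
    if addr in plan["configured"]:
        return "configured"
    if addr in plan["reserved"]:
        return "reserved-unused"
    return "outside"

if __name__ == "__main__":
    # Constructed sample: fourth /64 (index 3) of a documentation /56.
    plan = plan_ptp_link("2001:db8:0:100::/56", 3)
    for key, value in plan.items():
        print(key, value)
    print(classify(plan, "2001:db8:0:103::dead:beef"))
```

Renumbering the link into the full /64 later only changes the `configured` prefix length; the `reserved` prefix, the ACL that matches it and the `rdns_zone` stay the same.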