On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:

>
> On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
>
>> It's a good practice to reserve a 64-bit prefix for each network.
>> That's a good general rule. For point to point or link networks you
>> can use something as small as a 126-bit prefix (we do).
>>
>
> Technically, absent buggy {firm,soft}ware, you can use a /127. There's no
> actual benefit to doing anything longer than a /64 unless you have
> buggy *ware (ping pong attacks only work against buggy *ware),
> and there can be some advantages to choosing addresses other than
> ::1 and ::2 in some cases. If you're letting outside packets target your
> point-to-point links, you have bigger problems than neighbor table
> attacks. If not, then the neighbor table attack is a bit of a red-herring.
>

The context is DOCSIS, i.e., primarily residential cable modem users, and the
cable company ISPs do not want to spend time on customer care and hand-holding.
How are most v6 machines configured by default? That is, what did Microsoft do
for Windows Vista and Windows 7? If they're set for stateless autoconfig, I
strongly suspect that most ISPs will want to stick with that and hand out /64s
to each network. (That's apart from the larger question of why they should
want to do anything else...)

--Steve Bellovin, https://www.cs.columbia.edu/~smb