On Thu, Oct 9, 2014 at 10:40 AM, William Herrin <b...@herrin.us> wrote:
> On Thu, Oct 9, 2014 at 12:29 PM, Richard Hicks <richard.hi...@gmail.com> wrote:
> > Sixty replies and no one linked to the BCOP?
> > Is there a reason we are ignoring it?
>
> Hi Richard,
>
> It's dated (a *lot* about IPv6 has changed since 2011) and we've
> learned enough to know some of the things in there are dubious. For
> example:
>
> "Regardless of the number of hosts on an individual LAN or WAN
> segment, every multi-access network (non-point-to-point) requires at
> least one /64 prefix."
>
> But using /64s on WAN links invites needless problems with neighbor
> discovery when an attacker decides to send one ping each to half a
> million addresses all of which happen to land on that WAN link. WAN
> links should really use something whose size is much closer to the
> number of routers on the link, in the same order of magnitude anyway.
> So /64s for LANs, sure, but size the WAN links small to make them less
> vulnerable to attack.

The BCOP specifically addresses this in 4b:

"*b. Point-to-point links should be allocated a /64 and configured with a /126 or /127*"

> And:
>
> "Only subnet on nibble boundaries" is not reasonable. When I need two
> LANs in a building I should burn 14 more to get to a nibble boundary?
> Really?
>
> "Only delegate on nibble boundaries" is a more reasonable statement.
> When you assign addresses to your customer or to a different internal
> team's control, THAT should be on a nibble boundary for the customer's
> convenience understanding the written-down version of what network is
> theirs and for your convenience when it comes time to delegate reverse
> DNS.
>
> Inside your network under control of the same engineers, subnet and
> route just as you would with IPv4.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin ................ her...@dirtside.com b...@herrin.us
> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
> May I solve your unusual networking challenges?
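Added example, not part of the original thread: a Python sketch of the two sizing points discussed above, namely allocating a /64 per point-to-point link while configuring only a /126 or /127 of it, and why delegations on a nibble boundary map to a single ip6.arpa zone. The function names are hypothetical and the prefixes are constructed samples from the 2001:db8::/32 documentation range.

```python
import ipaddress

def p2p_plan(allocation, configured_len=127):
    """Reserve a whole /64 for a point-to-point link, configure only its first /126 or /127."""
    alloc = ipaddress.IPv6Network(allocation)
    if alloc.prefixlen != 64:
        raise ValueError("allocate exactly one /64 per link")
    if configured_len not in (126, 127):
        raise ValueError("configure the link as /126 or /127")
    configured = ipaddress.IPv6Network(f"{alloc.network_address}/{configured_len}")
    return alloc, configured

def zones_needed(net):
    """How many nibble-aligned ip6.arpa zones it takes to delegate reverse DNS for net."""
    return 2 ** (-net.prefixlen % 4)

def reverse_zone(net):
    """ip6.arpa zone name for a prefix that sits on a nibble boundary."""
    if net.prefixlen % 4:
        raise ValueError(f"{net} is not on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

if __name__ == "__main__":
    # Constructed sample link: the on-link address count is what a router
    # may be asked to perform neighbor resolution for.
    alloc, conf = p2p_plan("2001:db8:0:1::/64")
    print(f"allocated  {alloc}: {alloc.num_addresses} on-link addresses if configured as-is")
    print(f"configured {conf}: {conf.num_addresses} on-link addresses")

    # Constructed sample delegations: one on a nibble boundary, one not.
    for text in ("2001:db8:1234::/48", "2001:db8:1234::/46"):
        net = ipaddress.IPv6Network(text)
        n = zones_needed(net)
        if n == 1:
            print(f"{net}: single zone {reverse_zone(net)}")
        else:
            print(f"{net}: needs {n} separate ip6.arpa zone delegations")
```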