mailing list archives
RE: Using /126 for IPv6 router links
From: Igor Gashinsky <igor () gashinsky net>
Date: Tue, 26 Jan 2010 19:33:17 -0500 (EST)
On Mon, 25 Jan 2010, Matt Addison wrote:
:: You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for
:: each PtP link, but only configure the first /126 (or whatever /126 you
:: need to get an amusing peer address) on the link.
Matt meant "reserve/assign a /64 for each PtP link, but only configure the
first */127* of the link", as that's the only way to fully mitigate the
scanning-type attacks (with a /126, there is still the possibility of
ping-pong on a p-t-p interface) w/o using extensive ACLs..
Anyways, that's what worked for us, and, as always, YMMV...