Home page logo
/

nanog logo nanog mailing list archives

RE: Using /126 for IPv6 router links
From: Igor Gashinsky <igor () gashinsky net>
Date: Tue, 26 Jan 2010 19:33:17 -0500 (EST)

On Mon, 25 Jan 2010, Matt Addison wrote:

:: You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for
:: each PtP link, but only configure the first /126 (or whatever /126 you
:: need to get an amusing peer address) on the link. 

Matt meant "reserve/assign a /64 for each PtP link, but only configure the 
first */127* of the link", as that's the only way to fully mitigate the 
scanning-type attacks (with a /126, there is still the possibility of 
ping-pong on a p-t-p interface) w/o using extensive ACLs..

Anyways, that's what worked for us, and, as always, YMMV...

-igor


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault