Home page logo
/

nanog logo nanog mailing list archives

subnet prefix length > 64 breaks IPv6?
From: Glen Kent <glen.kent () gmail com>
Date: Sat, 24 Dec 2011 11:02:35 +0530

Hi,

I am trying to understand why standards say that "using a subnet
prefix length other than a /64 will break many features of IPv6,
including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND)
[RFC3971], .. " [reference RFC 5375]

Or "A number of other features currently in development, or being
proposed, also rely on /64 subnet prefixes."

Is it because the 128 bits are divided into two 64 bit halves, where
the latter identifies an Interface ID which is uniquely derived from
the 48bit MAC address.

I am not sure if this is the reason as this only applies to the link
local IP address. One could still assign a global IPv6 address. So,
why does basic IPv6 (ND process, etc) break if i use a netmask of say
/120?

I know that several operators use /120 as a /64 can be quite risky in
terms of ND attacks. So, how does that work? I tried googling but
couldnt find any references that explain how IPv6 breaks with using a
netmask other than 64.

Glen


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault