Home page logo
/

nanog logo nanog mailing list archives

Re: subnet prefix length > 64 breaks IPv6?
From: Alexandru Petrescu <alexandru.petrescu () gmail com>
Date: Thu, 29 Dec 2011 15:51:02 +0100

Le 28/12/2011 13:13, Ray Soucy a écrit :
On Wed, Dec 28, 2011 at 6:23 AM, Iljitsch van Beijnum
<iljitsch () muada com>  wrote:
Also somehow the rule that all normal address space must use 64-bit
interface identifiers found its way into the specs for no reason
that I have ever been able to uncover. On the other hand there's
also the rule that IPv6 is classless and therefore routing on any
prefix length must be supported, although for some implementations
forwarding based on>  /64 is>  somewhat less efficient.

This ambiguity has always bothered me.  The address architecture RFC
requires a 64-bit interface identifier,

Well yes, but only if it's an address which doesn't start with 000 (3
zero bits).  I understand an address which starts with 000 can have an
interface id of length generic 128-n where n is prefix length. (RFC4291
"Addressing Arch", pp. 6,  1st par).

Generally speaking, my mind is disturbed by suggestions that the
Interface ID must always be precisely of length 64.  BEcause there is no
particularly valid reason to impose it so, other than the vaguely useful
and semantically doubtful 'u' bit - any software ever checks it on
reception?  At an extreme reading, it may look as the "secure" bit.

Yours,

Alex

but it's required to be unenforced by implementation, which makes it
 more of a suggestion at best.  I think the wording should be updated
 to changed MUST to SHOULD.  That said, and despite my own use of
prefix lengths other than 64-bit, I do believe that a 64-bit prefix
for each host network is in our long-term interest.  Not having to
size networks based on the number of hosts is a good thing. Features
made possible by a 64-bit address space is a good thing.




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault