On 2013-06-01 07:04, Arturo Servin wrote: > Hi, > > I would like to ask which measures is people taking to protect p-2-p > links that are configured with a /64. So far I imagine things like > rate-limiting, ACLs, etc. But still that is a bit abstract of what to do > in a router.
What is the problem you are trying to protect against? If you are protecting against something scanning the rest of the /64 where for instance only ::1 and ::2 are configured, you have two options: - actually use /128 routes - firewall away the prefixes The first option is the easiest, no route, no lookups, no response. The 'advantage' of setting aside a whole /64 is that one can then one-day enable that link as a multi-point link if wanted. Also using /64's is easier than going back to 'what size will we use and which prefix is the next free available one' (though programmatic assignments and configuration help there of course ;) Greets, Jeroen
