My preferred method of implementing point to point links is allocate a /64 to the link, then configure a /127 on the interfaces and null route the /64 on the devices. This leaves the rest of your IGP to only have to deal with /64 and smaller masks, which is likely to be more optimal.
If you're dealing with ancient code which is affected by the Subnet-Anycast address issue, you could get away with configuring a /126 on the interfaces and null routing the redundant /128s. If you're seriously concerned about relying on the specified routers to handle wayward or malicious packets from hostile networks, you could easily mirror the sinkhole closer to the border. -- Wade On 2013-06-02, at 0:04, Arturo Servin <[email protected]> wrote: > Hi, > > I would like to ask which measures is people taking to protect p-2-p > links that are configured with a /64. So far I imagine things like > rate-limiting, ACLs, etc. But still that is a bit abstract of what to do > in a router. > > If you have some configuration examples it would be great (Cisco, > juniper would be fine, we have both). > > Regards, > as
