On 2011-07-13 12:09 , Mikael Abrahamsson wrote: > On Wed, 13 Jul 2011, Jeroen Massar wrote: > >> Heck, some people pick a /120 for it or whatever they find nice. >> Configuration wise and counting wise /64 is just handy. And if one day >> you have multi-access on that link, well, no re-numbering, just enable >> it. > > That's why /125 is nice for renumbering, and no ND issue.
Yeah, pick whatever you like I would say. Just stay away from actually putting a /127 on the link. Two /128s works like a charm though as then subnet anycast is not involved anymore. >>>> The "ND" issue now lies at the CPE device of the user, who will most >>>> likely not be able to handle 1GB/s anyway when somebody wants to DDoS >>>> them off the net... >>> >>> No it doesn't, if I am ::1 then if someone sends 10kpps to random values >>> of ::X:Y:Z:W on that subnet I have to ND all those. >> >> There is no subnet, only ::2, the rest you can ignore. > > What should the router do when someone sends a packet to ::3 on that > subnet? If it's a /64, then it's a subnet with 2^64 active addresses, I > don't understand how you can call it a non-subnet. To take this little thing called SixXS as an example, we allocate a /64 per tunnel, but only use <tunnel>::1 (PoP) and <tunnel>::2 (user). We actually only configure ::1 on the tunnel and route ::2 to the tunnel, thus effectively two /128's. Thus for everything else there will be directly an ICMP unreachable. Simple as that. >> Test it out today and complain to your vendor ;) > > Wow. What else would you do? :) Greets, Jeroen -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
