>>> On 1/24/2011 at 5:18 AM, <bmann...@vacation.karoshi.com> wrote: > On Mon, Jan 24, 2011 at 02:10:48PM +0100, Marco Hogewoning wrote: >> > While reading up on IPv6, I've seen numerous places that subnets are now >> > all /64. >> > >> > I have even read that subnets defined as /127 are considered harmful. >> >> RFC3627, with a lot of discussion in the IETF on this. See also > https://datatracker.ietf.org/doc/draft-ietf-6man-prefixlen-p2p/ >> >> > However while implementing IPv6 in our network, I've encountered several >> > of our peering partners using /127 or /126 for point-to-point links. >> >> I personally don't any benefit in using /126 subnets. >> >> > What is the Best Current Practice for this - if there is any? >> > >> > Would you recommend me to use /64, /126 or /127? >> > >> > What are the pros and cons? >> >> >From an operational point of view there is a risk that be using /64 >> >somebody > can eat away a lot of memory by either scanning or even changing addresses. > This is also described in the draft above... >> >> I would personally recommend to at least always assign the /64, even if you > would decide to configure the /127. RFC 3627 has been around long enough that > you will keep running into equipment or software that won't like the /127. In > which case you can always revert back to /64. >> This will also allow you to use easy to remember addresses like ::1 and ::2, > saving you the headache of a lot of binary counting. >> >> Grtx, >> >> Marco > > this results in -very- sparse matrix allocation - which is fine, as long as > you > believe that > you'll never run out/make mistakes. personally, i've use /126 for the past > 12 years w/o any > problems. > > there was never supposed to be a hard split at /64 - it was done as a means > to simplify autoconfig.
All of the (mostly religious) arguments about /64 versus any smaller subnets aside, I'm curious about why one would choose /126 over /127 for P-to-P links? Is this some kind of IPv4-think where the all-zeros and all-ones addresses are not usable unicast addresses? This isn't true in IPv6 (of course, it's not strictly true in IPv4 either). Is there another reason? -- Crist Clark Network Security Specialist, Information Systems Globalstar 408 933 4387
