Re: IPv6 prefix lengths - how long?

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 07 June 2019 19:27 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6man WG <ipv6@ietf.org>
Subject: Re: IPv6 prefix lengths - how long?
In-Reply-To: <ee811897e2d2438e9c3592012b725ac3@boeing.com>
References: <ee811897e2d2438e9c3592012b725ac3@boeing.com>
Date: Fri, 07 Jun 2019 15:27:01 -0400
Message-ID: <29585.1559935621@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-3_mBBllIrVbfEjBdBwoY4TAW9c>

TorIX uses a /111 prefix for the IX network.

This seems to be just big enough so that they can match the last two octets
of the IPv4 with the last two octets of the IPv6, plus a bit of room to grow
(I guess).  Routers are not configured by SLAAC (or DHCPv6).

This choice seems to be related to concerns about limitations on floods of ND
and inability (in some equipment at some point in history) to lock down the
IPv6 neighbor cache.

My feeling is that we should be able to use LL addresses only at IXs.
I'm sure that there is something missing in some systems that prevents this,
but maybe we should think about whether this should be documented as a
requirement.

Fred is asking about a completely different situation, but ultimately it is
also about management of neighbor cache entries.  How do we divide up and
protect a limited resource against abuse?

BTW, I think that a /118 is trivially enumerable by an attacker.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
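As an added illustration, not part of the message above and not TorIX's own configuration, the Python below sketches the mapping the message describes (the last two IPv4 octets copied into the low bits of the IPv6 prefix) and compares how many addresses a neighbor-cache flood could target under /64, /111 and /118. The 2001:db8 prefix, the 192.0.2 address and the cache size are constructed documentation values, assumed here.

```python
import ipaddress

# Constructed sample values (RFC 5737/3849 documentation space), not a real IX.
IX_V6_PREFIX = "2001:db8:ffff::/111"
SAMPLE_V4 = "192.0.2.10"
SAMPLE_CACHE_ENTRIES = 8192  # assumed per-interface neighbor cache limit


def addresses_in_prefix(prefixlen: int) -> int:
    """Number of addresses covered by an IPv6 prefix of the given length."""
    if not 0 <= prefixlen <= 128:
        raise ValueError("IPv6 prefix length must be 0..128")
    return 1 << (128 - prefixlen)


def can_embed_v4_tail(prefixlen: int) -> bool:
    """True if the prefix leaves at least 16 host bits, enough to hold the
    last two IPv4 octets (a /111 leaves 17, hence the 'room to grow')."""
    return 128 - prefixlen >= 16


def ix_v6_from_v4(v6_prefix: str, v4_addr: str) -> str:
    """Derive the IPv6 address for a peer by copying the last two octets of
    its IPv4 address into the low 16 bits of the IX prefix."""
    net = ipaddress.IPv6Network(v6_prefix, strict=True)
    if not can_embed_v4_tail(net.prefixlen):
        raise ValueError(f"{v6_prefix} is too long to carry two IPv4 octets")
    low16 = int(ipaddress.IPv4Address(v4_addr)) & 0xFFFF
    addr = ipaddress.IPv6Address(int(net.network_address) | low16)
    # The mapped address must stay inside the IX prefix.
    if addr not in net:
        raise ValueError("mapped address fell outside the prefix")
    return str(addr)


def sweep_exceeds_cache(prefixlen: int, cache_entries: int) -> bool:
    """Risk check: can solicitations to every address in the prefix create
    more neighbor-cache entries than the router can hold?  A /64 always can;
    a /118 (1024 addresses) cannot against an 8192-entry cache, but every
    one of its addresses is cheap to probe, which is the enumeration concern."""
    return addresses_in_prefix(prefixlen) > cache_entries


if __name__ == "__main__":
    print(ix_v6_from_v4(IX_V6_PREFIX, SAMPLE_V4))
    for plen in (64, 111, 118):
        print(plen, addresses_in_prefix(plen),
              sweep_exceeds_cache(plen, SAMPLE_CACHE_ENTRIES))
```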