[c-nsp] IPv6 subnets for point-to-point links
Gert Doering
gert at greenie.muc.de
Sun May 8 08:47:20 EDT 2005
Hi,
On Sun, May 08, 2005 at 02:30:55PM +0200, sthaug at nethelp.no wrote:
> > > Maybe you could point us in the direction of this work? I would need good
> > > arguments to start using /64 on point to point links.
> >
> > Well, the first stop is of course RFC3587, which very clearly says
> >
> > " [ARCH] also requires that all unicast addresses, except those that
> > start with binary value 000, have Interface IDs that are 64 bits long"
> >
> > (ARCH is RFC3513)
>
> I'm afraid this is not a particularly compelling argument (to *me* at
> least) for why I should waste a /64 on every point to point link, as
> long as /126 definitely work.
Well, I was just citing reference material... - personally we use /124's
(as then every transfer network can have :xxx1 and :xxx2 for the two ends).
OTOH the fact that there *is* something in the RFCs usually means
that someone has spent some thinking on it...
> > draft-ietf-send-cga-07.txt --> now RFC3972
> > draft-haddad-mip6-cga-omipv6-04.txt
>
> These drafts/proposed standards apply to Secure Neighbor Discovery and
> to Mobile IP. I don't see the relevance to my point to point links (I
> neither want nor need any kind of neighbor discovery here - everything
> is explicitly configured).
As far as I understand, SEND is primarily the first user of the CGAs,
but they can also be used for other purposes where you need to verify that
a certain party is the rightful owner of a given key (like "I want to do
IPSEC'ed BGP to a neighbour, without having to configure the key material
explicitly"). I'm not enough of a crypto expert to fully understand all
implications, though.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
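
An added example, not part of the original mail: a sketch of the RFC 3972 address binding discussed above, showing why a CGA needs the full 64-bit interface ID that a /126 or /124 does not leave room for. The function names, the constructed public-key bytes and the modifier search starting from zero (the RFC uses a random modifier) are assumptions; collision detection and the signature check are left out.

```python
import hashlib
import ipaddress

# Constructed stand-in for a DER-encoded SubjectPublicKeyInfo (not a real key).
PUBKEY = b"constructed-stand-in-for-DER-public-key"
# Keep all interface-ID bits except the 3 Sec bits and the u/g bits.
IID_MASK = 0x1CFFFFFFFFFFFFFF

def hash1(modifier, prefix, coll, pubkey):
    """Leftmost 64 bits of SHA-1 over the CGA Parameters."""
    data = modifier + prefix + bytes([coll]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def hash2(modifier, pubkey):
    """Leftmost 112 bits of SHA-1 with prefix and collision count zeroed."""
    data = modifier + bytes(9) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:14], "big")

def cga_generate(prefix64, pubkey, sec=0):
    """Return (address, modifier); collision count is fixed at 0 here."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("a CGA needs a 64-bit interface ID, so a /64 prefix")
    prefix = net.network_address.packed[:8]
    m = 0
    # Brute-force a modifier whose Hash2 starts with 16*sec zero bits.
    while hash2(m.to_bytes(16, "big"), pubkey) >> (112 - 16 * sec):
        m += 1
    modifier = m.to_bytes(16, "big")
    iid = (hash1(modifier, prefix, 0, pubkey) & IID_MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier

def cga_verify(addr, modifier, prefix, coll, pubkey):
    """True if addr is bound to pubkey by these CGA Parameters."""
    packed = ipaddress.IPv6Address(addr).packed
    if coll not in (0, 1, 2) or packed[:8] != prefix:
        return False
    iid = int.from_bytes(packed[8:], "big")
    if (hash1(modifier, prefix, coll, pubkey) ^ iid) & IID_MASK:
        return False
    sec = iid >> 61  # Sec is read back from the address itself
    return hash2(modifier, pubkey) >> (112 - 16 * sec) == 0

if __name__ == "__main__":
    addr, mod = cga_generate("2001:db8:0:1::/64", PUBKEY, sec=1)
    print(addr, cga_verify(addr, mod, addr.packed[:8], 0, PUBKEY))
```

Only 59 bits of the hash survive in the address, so the Sec parameter is what raises the cost of finding a second key that maps to the same interface ID.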