[f-nsp] Support for IPv6 127-bit subnet mask on point-to-point networks

Greg Hankins ghankins at mindspring.com
Tue Aug 28 11:49:40 EDT 2012


Hi Youssef, sorry that the NetIron does not support IPv6 /127s today.
We do have it scheduled on our roadmap for a future release.

There is a pretty good panel presentation that Ron Bonica et al. gave at
NANOG a couple years ago that talks briefly about the options.  We've put
in several IPv6 DDoS mitigation features that minimize the impact of
ND scanning.

If I were running a network, I'd probably use a /64 as Ron suggests:
"Allocate /64 and use /64 for point-to-point as soon as vendors fix
security issues".

http://www.nanog.org/meetings/nanog48/abstracts.php?pt=MTU1NCZuYW5vZzQ4&nm=nanog48

Greg
(works for Brocade)

-- 
Greg Hankins <ghankins at mindspring.com>

-----Original Message-----
Date: Mon, 27 Aug 2012 13:43:36 +0200
From: Youssef Bengelloun-Zahr <youssef at 720.fr>
To: Wouter Prins <wp at null0.nl>
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] Support for IPv6 127-bit subnet mask on point-to-point
	networks

Hello,

This is indeed bad news as I am starting IPv6 deployment on our new
backbone :-/

I am not sure a /126 would be a better solution regarding the potential
security threats it raises.

Maybe someone at Brocade is reading this thread and could give us a
feedback on this ? Greg ?!?

Thanks.

Y.



2012/8/27 Wouter Prins <wp at null0.nl>

> Hi Youssef,
>
> If you look at the release notes of 5.3.00b and look into defect
> DEFECT000391863 a /127 is unsupported on brocade. :(
>
> On 27 August 2012 11:44, Youssef Bengelloun-Zahr <youssef at 720.fr> wrote:
> > Hello Community,
> >
> > Running MLXe boxes with 5.3.0b, I was wondering if /127 masks on p2p
> > interfaces were supported ?
> >
> > According to RFC6164, it should be :
> > ftp://ftp.rfc-editor.org/in-notes/rfc6164.txt
> >
> > I have found no mention of it in NetIron ConfGuide 5.3.0a. I will be
> testing
> > it anyway but wanted feedbacks for the community.
> >
> > More Specifically, is the first address  Prefixe::0000/127 usable ?
> >
> > Thank you.
> >
> > Best.
> >
> > Y.
> >
> >
> > --
> > Youssef BENGELLOUN-ZAHR
> >
> >
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
>
> --
> Wouter Prins
> wp at null0.nl
>



-- 
Youssef BENGELLOUN-ZAHR

_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp



More information about the foundry-nsp mailing list