[f-nsp] Support for IPv6 127-bit subnet mask on point-to-point networks

Youssef Bengelloun-Zahr youssef at 720.fr
Tue Aug 28 13:21:50 EDT 2012 

Hello,

What kind of timeframe are we talking here ?

Thanks.

Y.


P.S : coming back to Paris anytime soon ?  ;-)



Le 28 août 2012 à 17:49, Greg Hankins <ghankins at mindspring.com> a écrit :

> Hi Youssef, sorry that the NetIron does not support IPv6 /127s today.
> We do have it scheduled on our roadmap for a future release.
> 
> There is a pretty good panel presentation that Ron Bonica et al. gave at
> NANOG a couple years ago that talks briefly about the options.  We've put
> in several IPv6 DDoS mitigation features that minimize the impact of
> ND scanning.
> 
> If I were running a network, I'd probably use a /64 as Ron suggests:
> "Allocate /64 and use /64 for point-to-point as soon as vendors fix
> security issues".
> 
> http://www.nanog.org/meetings/nanog48/abstracts.php?pt=MTU1NCZuYW5vZzQ4&nm=nanog48
> 
> Greg
> (works for Brocade)
> 
> -- 
> Greg Hankins <ghankins at mindspring.com>
> 
> -----Original Message-----
> Date: Mon, 27 Aug 2012 13:43:36 +0200
> From: Youssef Bengelloun-Zahr <youssef at 720.fr>
> To: Wouter Prins <wp at null0.nl>
> Cc: foundry-nsp at puck.nether.net
> Subject: Re: [f-nsp] Support for IPv6 127-bit subnet mask on point-to-point
>    networks
> 
> Hello,
> 
> This is indeed bad news as I am starting IPv6 deployment on our new
> backbone :-/
> 
> I am not sure a /126 would be a better solution regarding the potential
> security threats it raises.
> 
> Maybe someone at Brocade is reading this thread and could give us a
> feedback on this ? Greg ?!?
> 
> Thanks.
> 
> Y.
> 
> 
> 
> 2012/8/27 Wouter Prins <wp at null0.nl>
> 
>> Hi Youssef,
>> 
>> If you look at the release notes of 5.3.00b and look into defect
>> DEFECT000391863 a /127 is unsupported on brocade. :(
>> 
>> On 27 August 2012 11:44, Youssef Bengelloun-Zahr <youssef at 720.fr> wrote:
>>> Hello Community,
>>> 
>>> Running MLXe boxes with 5.3.0b, I was wondering if /127 masks on p2p
>>> interfaces were supported ?
>>> 
>>> According to RFC6164, it should be :
>>> ftp://ftp.rfc-editor.org/in-notes/rfc6164.txt
>>> 
>>> I have found no mention of it in NetIron ConfGuide 5.3.0a. I will be
>> testing
>>> it anyway but wanted feedbacks for the community.
>>> 
>>> More Specifically, is the first address  Prefixe::0000/127 usable ?
>>> 
>>> Thank you.
>>> 
>>> Best.
>>> 
>>> Y.
>>> 
>>> 
>>> --
>>> Youssef BENGELLOUN-ZAHR
>>> 
>>> 
>>> _______________________________________________
>>> foundry-nsp mailing list
>>> foundry-nsp at puck.nether.net
>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>> 
>> 
>> 
>> --
>> Wouter Prins
>> wp at null0.nl
>> 
> 
> 
> 
> -- 
> Youssef BENGELLOUN-ZAHR
> 
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list