A while back the general advice was to assign a /64 to each and every VLAN. I still believe this to be true and correct advice for all VLANs that connect end-users (because of auto-address features and temporary addresses).
But is this still true, best practice, for networks that do not serve end-users, like transit networks between routers, server networks, or even networks for IP phones?
What protocols cannot handle networks with masks longer than /64 (more bits in the mask)?
Any other reasons that should stop me from assigning, let's say, /120s?
(The reason for this question is that we see providers assigning /56 PA address blocks, and these only leave room for 256 VLANs when using only /64s.)
There is no reason why you can't use /120 or /112 or /126 or /127 (p2p router-to-router link).
As far as I know, all Cisco and Juniper routers support any of the above masks, including /127 (I prefer to use this on p2p WAN links when I know there are only two devices/routers connected to each other).
One important recommendation to use smaller networks than /64 comes from the security side:
The table exhaustion attack is a way to overflow an IPv6 router's neighbor table by sending packets from every possible address in the subnet in rapid succession. With a /120 subnet (the IPv6 version of a /24) this is not possible, because the router can easily store 254 entries. At least for public networks it makes sense to not use /64 for this reason.
The workaround for not being able to use SLAAC will eventually be the more widespread use of DHCP in IPv6 networks; this can be used with every mask you can think of.
RFC 3177 caused a lot of noise in the community. Check out RFC 6177, which addresses this to a certain degree. Also check out RFC 6164, which examines and advocates the use of /127 prefixes on P2P links.

The VLAN-to-IPv6 logic makes sense as long as you have a 1:1 VLAN/subnet relationship, but that could change. And that scheme wouldn't work for WAN P2P links, as they don't usually have a VLAN ID. If you are dual stacking, you could embed the IPv4 address inside the IPv6 address space to make it a bit easier to read.

My advice would be to subnet and use DHCPv6 if you need more subnets, but don't try to make a "system" that correlates with other technologies; it won't scale and it probably won't last. So my choice would be better management and network automation, so I wouldn't have to remember any kind of mappings between switch numbers, IP addresses or VLAN numbers. Remember that the mobility trend (LISP, etc.) will render all those kinds of systems useless.

In the end, what makes sense to me is to have a decent IPAM solution and a proper naming scheme instead of obsessing over address formatting. After all, your network consists of several thousand MAC addresses without any corporate naming scheme, and still we are able to manage these.

HTH
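The arithmetic behind the two answers above, as an added worked example that is not code from the thread: the neighbor-table exhaustion answer turns on how many on-link destinations a prefix exposes to a remote scanner (2^64 for a /64, 256 for a /120, 2 for a /127), and the last answer mentions the /56-to-256-VLAN count and the idea of embedding the IPv4 address in the IPv6 address for readability. The script below uses only the Python standard library; the documentation prefix `2001:db8:ab00::`, the function names, and the "octets spelled as hextets" embedding scheme are this example's own choices, not something the answers prescribe.

```python
"""Prefix-length arithmetic behind the /64-vs-longer-mask discussion.

Added worked example (not code from the thread).  Standard library only.
The only sizes it uses are the ones implied by the prefix length itself,
so the figures are exact, not measurements of any particular router.
"""
import ipaddress

# Masks that come up in the answers above: /64 (SLAAC), /112, /120
# (the "IPv6 /24"), /126 and /127 (RFC 6164 point-to-point links).
THREAD_PREFIXLENS = (64, 112, 120, 126, 127)


def assess_prefix(prefix: str) -> dict:
    """Facts worth knowing before picking a mask for a given network."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    plen = net.prefixlen
    return {
        "prefix": str(net),
        "addresses": net.num_addresses,
        # SLAAC (RFC 4862) with 64-bit interface identifiers needs a /64.
        "slaac": plen == 64,
        # Every address in the prefix is a distinct on-link destination an
        # off-link sender can aim a packet at, and each unresolved one costs
        # the last-hop router an INCOMPLETE neighbor-cache entry.  This is
        # the bound the neighbor-table exhaustion argument rests on:
        # 2**64 for a /64, 256 for a /120, 2 for a /127.
        "nd_cache_upper_bound": net.num_addresses,
        # RFC 6164: /127 on a point-to-point link leaves exactly two
        # addresses and nothing spare to scan.
        "p2p_rfc6164": plen == 127,
    }


def subnets_available(parent: str, child_prefixlen: int) -> int:
    """Number of child subnets a provider block yields, e.g. a /56 cut
    into /64s gives 256, cut into /120s gives 2**64."""
    parent_net = ipaddress.IPv6Network(parent, strict=True)
    if not parent_net.prefixlen <= child_prefixlen <= 128:
        raise ValueError("child prefix must lie inside the parent")
    return 2 ** (child_prefixlen - parent_net.prefixlen)


def embed_ipv4(v6_prefix: str, v4_addr: str) -> ipaddress.IPv6Address:
    """Dual-stack readability trick: spell the four IPv4 octets as the four
    low-order hextets, so 10.1.2.3 becomes <prefix>:10:1:2:3.

    The hextets are the decimal digits re-read as hex (octet 10 -> 0x10),
    so this is a mnemonic, not a bit-level mapping.  It needs a /64 or
    shorter prefix and static or DHCPv6 assignment; SLAAC would pick its
    own interface identifier.  The scheme is this example's own choice,
    not one the thread prescribes.
    """
    net = ipaddress.IPv6Network(v6_prefix, strict=True)
    if net.prefixlen > 64:
        raise ValueError("need 64 host bits to spell out four octets")
    octets = str(ipaddress.IPv4Address(v4_addr)).split(".")
    hextets = [int(o, 16) for o in octets]
    top64 = (int(net.network_address) >> 64) << 64
    low64 = (hextets[0] << 48) | (hextets[1] << 32) | (hextets[2] << 16) | hextets[3]
    addr = ipaddress.IPv6Address(top64 | low64)
    assert addr in net  # prefix is /64 or shorter, so the top half is untouched
    return addr


if __name__ == "__main__":
    base = "2001:db8:ab00::"  # documentation prefix, constructed for the demo
    for plen in THREAD_PREFIXLENS:
        facts = assess_prefix(f"{base}/{plen}")
        print(f"{facts['prefix']:>24}  addrs={facts['addresses']:<22} "
              f"slaac={facts['slaac']!s:<5} p2p127={facts['p2p_rfc6164']}")
    print("/56 -> /64 subnets: ", subnets_available("2001:db8:ab00::/56", 64))
    print("/56 -> /120 subnets:", subnets_available("2001:db8:ab00::/56", 120))
    print("10.1.2.3 ->", embed_ipv4("2001:db8:ab00:1::/64", "10.1.2.3"))
```

The `nd_cache_upper_bound` figure is deliberately just the prefix size: whatever a given router's neighbor-cache limit or rate-limiting actually is, a scanner cannot force more INCOMPLETE entries than there are addresses in the on-link prefix, which is why the bound collapses from 2^64 to 256 when the mask goes from /64 to /120.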