Pekka, I also think having that 64bit boundary helped in designing CGAs.
They're more secure when we know IIDs must be 64bit in length.
Pekka Savola wrote:
On Tue, 30 Sep 2008, Brian Dickson wrote:
Dunn, Jeffrey H. wrote:
My basic question is: What basic engineering problem is solved by
proscribing non-64 bit prefixes?
If the non-64 prefixes had not been proscribed, we wouldn't have been
able to use the existing engineering method to develop CGA/SEND
specifications.
If CGA addresses are a departure allowing the IID on Ethernet be
something else than an Ethernet-derived IID (e.g. not always have fffe
somewhere in the middle) then they (CGA IIDs) could also settle for
less, like being 63 in length, instead of 64. This would allow for
further subnetting the typical /64 into two /65s, with only minimal 1bit
decrease in security.
It may be that CGA addresses and longer-than-64bit SLAAC are not
incompatible.
Just some thoughts.
Alex
SLAAC: IPv6 StateLess Address AutoConf
These are being leveraged in SHIM6 and potentially in
other applications as well. Likely we couldn't even solve these
engineering problems (at least without major drawbacks/other
assumptions) if we couldn't have made assumptions about the widely-used
prefix length.
That said, I personally use non-64 bit prefixes on point-to-point links
between routers, but I have done so willingly and knowing that if the
IETF develops anything fancy new stuff, I might not be able to use it or
I might need to renumber.
When managing such a scheme alongside an IPv6 prefix which needs to be
assigned to the same set of servers, which are all dual-stack, the
*number* of prefixes, their *relative* numbering, and the host
*addresses* within the prefixes, it is quickly apparent that use of
only /64 prefixes makes for a management nightmare, particularly if
renumbering of prefixes and/or servers occurs, e.g. re-balancing the
VLSM arrangement itself in IPv4-land.
I don't understand why *relative* numbering (i.e: overlapping subnet
masks) is important in IPv6, and I'm not sure if I see the case even for
v4. Could you enlighten me?
I assume you refer to a scenario where on the same broadcast domain
there are hosts which are configured with say A.B.C.0/24 length, and
some others are configured with, say, A.B.C.D/28 prefix length.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------