And here is another useful resource: http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf, particularly chapter 6.1.3 Vulnerabilities in IPv6.
Dmitry Cherkasov 2011/11/29 Victor Kuarsingh <victor.kuarsi...@gmail.com>: > Dmitry et al, > > I found Jeff's following comments to be quite insightful for general > practices. > > http://www.networkcomputing.com/ipv6-tech-center/231600717 > > http://www.networkcomputing.com/ipv6-tech-center/231700160 > > As for using 127s on P2P links.... > > He discussed reasoning behind using /64s, concerns related to "waste", ND > exploits and > other points as noted in RFC6164. - directed > > Regards, > > Victor K > > On 11-11-29 7:58 AM, "Dmitry Cherkasov" <doctor...@gmail.com> wrote: > >>Thanks to everybody participating in the discussion. >>I try to summarize. >> >>1) There is no any obvious benefit of using longer prefixes then /64 >>in DOCSIS networks yet there are no definite objections to use them >>except that it violates best practices and may lead to some problems >>in the future >> >>2) DHCPv6 server can use any algorithm to generate interface ID part >>of the address, and EUI-64 may be just one of them that can be useful >>for keeping correspondence between MAC and IPv6 addresses. Yet if we >>use EUI-64 we definitely need to use /64 prefix >> >>3) Using /64 networks possesses potential security threat related to >>neighbor tables overflow. This is wide IPv6 problem and not related to >>DOCSIS only >> >>There were also notes about address usage on link networks. Though >>this was out of the scope of original question it is agreed that using >>/64 is not reasonable here. BTW, RFC6164 (Using 127-Bit IPv6 Prefixes >>on Inter-Router Links) can be mentioned here. >> >> >>Dmitry Cherkasov >> >> >> >>2011/11/29 Dmitry Cherkasov <doctor...@gmail.com>: >>> Tore, >>> >>> To comply with this policy we delegate at least /64 to end-users >>> gateways. But this policy does not cover the network between WAN >>> interfaces of CPE and ISP access gateway. >>> >>> Dmitry Cherkasov >>> >>> >>> >>> 2011/11/29 Tore Anderson <tore.ander...@redpill-linpro.com>: >>>> * Dmitry Cherkasov >>>> >>>>> I am determining technical requirements to IPv6 provisioning system >>>>> for DOCSIS networks and I am deciding if it is worth to restrict user >>>>> to use not less then /64 networks on cable interface. It is obvious >>>>> that no true economy of IP addresses can be achieved with increasing >>>>> prefix length above 64 bits. >>>> >>>> I am not familiar with DOCSIS networks, but I thought I'd note that in >>>> order to comply with the RIPE policies, you must assign at least a /64 >>>> or shorter to each end user: >>>> >>>> http://www.ripe.net/ripe/docs/ripe-523#assignment_size >>>> >>>> -- >>>> Tore Anderson >>>> Redpill Linpro AS - http://www.redpill-linpro.com >> > >