The reason for allocating a /64 for a point to point link is due to various denial of service attack vectors. Just do it. The numbers in IPv6 are staggering. The generally accepted best practice is to allocate a /64 and use a /128 within that /64 for point to point links.
---- Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669 > -----Original Message----- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of William > Herrin > Sent: Tuesday, January 17, 2017 4:02 PM > To: Michael Still <stillwa...@gmail.com> > Cc: nanog@nanog.org > Subject: Re: Questions on IPv6 deployment > > On Tue, Jan 17, 2017 at 12:48 PM, Michael Still <stillwa...@gmail.com> > wrote: > > http://nabcop.org/index.php/IPv6_Subnetting > > That's overall good advice. I quibble with a couple of points: > > 1. If you plan to use a /126 on a point to point and can't imagine how > you would use a /64 on that point to point, don't allocate a /64. Odds > are that by the time you can imagine some way to use a /64 there, the > details will require you to assign a new block anyway. > > Why be concerned about resource consumption? Because it's a good > habit. Don't overdo it, IPv6 is not resource constrained the way IPv4 > is, but shrewd use of available resources is a good habit even when > resources are plentiful. > > 2. Make all your point to points /124. That will work for all your > point to points. Serial or ethernet. Even the ethernets which have two > high-availability routers on both ends along with the failover address > needing a total of 6 IPs plus 1 for your troubleshooting laptop. > Configuring /124 every time allows you to standardize your > configuration, the same way /64 standardizes the netmask on a LAN > deployment. > > > > One additional point not brought up: > > Minimum assignment to a customer: /60. Never ever /64 or /128. How > much more than a /60 you choose as your minimum is up to you. Common > choices are /56 and /48. But never, ever less than a /60. Your > customer will want to deploy a /64 to each LAN. And there are so many > cases where he'll want to deploy more than one LAN. > > I've noticed a lot of hosting providers getting this wrong. Some of > your customers do create VPNs on their VPC you know. > > Regards, > Bill Herrin > > > -- > William Herrin ................ her...@dirtside.com b...@herrin.us > Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>