On 2017-09-10 00:09, Baldur Norddahl wrote: > You want to configure point to point interfaces as /127 or /126 even if you > allocate a full /64 for the link. This prevents an NDP exhaustion attack > with no downside.
An alternative is to just have link-local addresses on your point-to-
point links. At least on your internal links where you run your IGP.
On external links, where you run eBGP or static routes, it's probably
more trouble than it is worth, though, since link-local addresses can
change if you replace the hardware, requiring a config change on the
other end. (Also, I'm not sure all BGP implementations support using
link-local addresses.)
/Bellman
signature.asc
Description: OpenPGP digital signature
