On Jun 25, 2014, at 10:16 AM, joel jaeggli <joelja@xxxxxxxxx> wrote:

> On 6/25/14 10:08 AM, Dan Wing wrote:
>>
> <snip>
>>
>> IPv6 privacy addresses aren't changed very frequently -- I see them
>> change only every 24 hours. Can they change more frequently with
>> sysctl or application encouragement? I know NAPT assigns a new port
>> for every connection, which is how often we need a new IPv6 privacy
>> address to provide NAPT-equivalence host obfuscation.
>
> you pay the price for that in the size of your ND cache. which unlike
> that napt connection table doesn't get expired when the connection
> terminates. having thousands of l3 nexthops for each device isn't a
> great way to scale ethernet switches.

Yep, we've seen that problem.

-d