Re: Last Call: <draft-ietf-6man-rfc4291bis-07.txt> (IP Version 6 Addressing Architecture) to Internet Standard

On Thu, Feb 23, 2017 at 12:31 AM, Job Snijders <job@xxxxxxx> wrote:
> rfc6164 and rfc6583 are great examples that document considerations
> regarding not using a /64, it simply is not always the best fit.

RFC6583-style attacks (of which the class addressed by RFC6164 is a subset) are low payoff and pretty easy to mitigate using very small changes to ND implementations. You can solve most or all of the problem by using per-interface ND queues and prioritizing existing and gleaned ND entries over incomplete ones. You can do even better by pushing the filtering away from the host so that you don't have to carry the packets.

Also, bear in mind that the interface ID length is *not* the same as the prefix you route to the link. Given that you're talking about static configuration, you can perfectly well configure all the hosts with /64 prefixes, but give them addresses that are all in a given /120 and then route only the /120 to that link. That will also avoid all the attacks.

It also makes configuration much simpler, because you don't have to touch any of the hosts when you run out of the /120: just increase the /120 to a /119 on the router and move up from ::ff to ::100. That is 100% supported by the current text of RFC4291bis, which requires that the router forward packets to the /120.

This trick doesn't work in IPv4, so it will take a bit of getting used to for people who only know IPv4, but I doubt that's the common case in NTT.

> As such, I am confident to state that almost every deployed backbone
> uses a mixture of /64, /127, /126 and perhaps other lengths.
> ...
> There is public data that suggests that the backbone you are familiar
> with might be connected to a public internet exchange which uses a /112
> as peering lan prefix.

For the record, I don't dispute either of those.

> Also, backbone networks are a tiny percentage of the links on the planet.

> I certainly will not deny that fact. Are you familiar with the concept
> of the McNamara fallacy?

I wasn't. But that fallacy would apply to your arguments just as well as to mine. You're the one that brought numbers to the thread first.
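The arrangement described in the message above (hosts configured with a /64 on-link prefix, but addressed out of a /120 that is the only prefix the router forwards to the link, later widened to a /119), as an added worked example that is not part of the original thread. It uses only Python's standard `ipaddress` module; the `2001:db8:0:1::/64` documentation prefix, the host count and the function names are constructed for the illustration.

```python
"""Added example (not from the mailing-list thread): the prefix length the
hosts are configured with is independent of the prefix the router routes
to the link.  Sample values use the 2001:db8::/32 documentation prefix."""
import ipaddress


def plan_link(on_link, routed, host_count):
    """Return one IPv6Interface per host.

    on_link: prefix configured on the hosts (e.g. a /64).
    routed:  narrower prefix the router forwards to the link (e.g. a /120).
    Every host address is drawn from ``routed`` but carries ``on_link``'s
    length, so the hosts still see an ordinary /64 on-link prefix.
    """
    on_link = ipaddress.IPv6Network(on_link)
    routed = ipaddress.IPv6Network(routed)
    if not routed.subnet_of(on_link):
        raise ValueError("routed prefix must lie inside the on-link prefix")
    usable = routed.num_addresses - 1          # ::0 is the Subnet-Router anycast
    if host_count > usable:
        raise ValueError(f"{routed} only has room for {usable} hosts")
    base = int(routed.network_address)
    return [
        ipaddress.IPv6Interface(
            f"{ipaddress.IPv6Address(base + i)}/{on_link.prefixlen}")
        for i in range(1, host_count + 1)
    ]


def next_address(routed, existing):
    """First unused address in ``routed`` (None when it is full).

    Iterates the prefix, so only sensible for short routed prefixes.
    """
    used = {iface.ip for iface in existing}
    for addr in ipaddress.IPv6Network(routed).hosts():
        if addr not in used:
            return addr
    return None


def widen(routed, existing):
    """Grow the routed prefix by one bit (/120 -> /119) when it fills up.

    Only the router's route changes; no host configuration is touched.
    Checks that every existing host address is still covered.
    """
    new = ipaddress.IPv6Network(routed).supernet(prefixlen_diff=1)
    for iface in existing:
        if iface.ip not in new:
            raise ValueError(f"{iface.ip} would fall outside {new}")
    return new


def reachable_targets(on_link, routed):
    """(addresses reachable if the whole on-link prefix were routed,
        addresses reachable with only the narrower prefix routed).

    Packets for the rest of the /64 are never forwarded onto the link, so
    the router only ever has to resolve the 256 addresses of the /120; that
    is what removes the RFC 6583 neighbour-cache exhaustion exposure.
    """
    return (ipaddress.IPv6Network(on_link).num_addresses,
            ipaddress.IPv6Network(routed).num_addresses)


if __name__ == "__main__":
    hosts = plan_link("2001:db8:0:1::/64", "2001:db8:0:1::/120", 255)
    print("first host:", hosts[0], " last host:", hosts[-1])
    print("free address in /120:", next_address("2001:db8:0:1::/120", hosts))
    wider = widen("2001:db8:0:1::/120", hosts)
    print("route after widening:", wider,
          " next free:", next_address(wider, hosts))
    print("ND-resolvable targets (/64 routed vs /120 routed):",
          reachable_targets("2001:db8:0:1::/64", "2001:db8:0:1::/120"))
```

When the /120 is exhausted the router's route becomes a /119 and the next assignable address is `::100`, exactly the step the message describes; the hosts keep their `/64` configuration throughout.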
