In IPv4 we use /30 to conserve addresses. So why do some people recommend using /64 on P2P links instead of /126? I get using a /64 on regular subnets, but isn't using a /64 when there will only ever be two addresses in use on P2P links a tremendous waste of addresses?
4 Answers
Many of us do use /126's on PTP links. I personally like being able to identify something as a network infrastructure PTP link just based on the first 64 bits of the address, so I reserve a /64 to pull the /126's from. Different people have different opinions on what's important, so...shrug
Incidentally (#1), because IPv6 doesn't have the concept of a broadcast address or a network address on an IP network, you could actually use /127's instead of /126's. Beware that, although /127's netmasks are perfectly valid, some vendor gear has (wrongly) not allowed them, considering /127's netmasks "invalid", which means you may run into some vendor support issues if you decide to try using them. This is why I use /126's.
Incidentally (#2), if your links are truly defined as PTP links, you should be able to use any IP addresses without them having to be in a common IP network at all.

- Can you give an example of a vendor that restricts the use of /127s? – Ryan Foley Feb 19 '14 at 20:12
- At one point, Brocade in the FastIron line and perhaps in the NetIron line didn't allow it. I haven't checked recent firmware versions, so I don't know if that is still the case or not. – Jeff McAdams Feb 19 '14 at 20:14
There are two parts to the answer.
First, to answer your question directly: the official recommendation on this topic has changed. In the past, RFC 3627 is titled "Use of /127 Prefix Length Between Routers Considered Harmful". The current recommendation is different, though: RFC 6164 recommends using a /127 (not a /126!) on point-to-point links. Both RFCs outline the reasons for the respective recommendations.
The second part of the answer is that generally, outside point-to-point links, IPv6 will break with any prefix longer than /64. It is actually not IPv6 itself, but many of the protocols it uses, such as SLAAC, Neighbor Discovery, etc. Since a point-to-point link does not involve any form of discovery, that consideration is not relevant, and a /127 will work.

- [RFC 6547](https://tools.ietf.org/html/rfc6547) clarifies the fact that RFC 3627 has been moved to Historical Status, and that RFC 6164 obsoletes it. – Ron Maupin Nov 08 '15 at 04:58
So as an ISP, I wanted to add a comment to this. Specifically we use both GUAs and ULAs (unique local addresses) for our internal routing. This means that we have a block (/48) that is from a /32 GUA pool, but that we filter at our edges turning them into ULAs. The bigger /32 GUA is still advertised, but the /48 ULA is filtered out at our edges. We use this ULA for much of our internal addressing needs (AS specific) as well as PtP links.
All of our PtP links are a complete /64 block; however, they are specifically configured as a /127 on the routers. This was to specifically deal with ping-pong attacks, which are possible in both IPv4 and IPv6 space. You rarely see it in IPv4 space because we all use /30s for PtP links there. In IPv6 space, however, using the /64 creates the ability for these types of attacks (see https://www.rfc-editor.org/rfc/rfc6164#section-5.1).
As mentioned before, allocating a /64 for these links seems like a waste, but once you spend a lot of time making your IPv6 address plan (a good read is https://www.amazon.com/IPv6-Address-Planning-Designing-Future-ebook-dp-B00PCZMAOW/dp/B00PCZMAOW) you see that it is MUCH easier to never delve beyond /64 in your plans.
Also as mentioned before, since we are talking PtP links only, a /127 does not suffer from any of the normal issues of going beyond a /64. Why don't we use un-numbered addresses for PtP links? Mostly for debugging purposes, traces, monitoring, etc.
--- I forgot to mention (after re-reading some of the comments above...) If you're using a /126 as your PtP link, you still suffer from the same ping-pong issue as a /64. Why? Because the 00 and 11 bits in your /126 are valid IPv6 addresses (whereas in IPv4 they aren't, they serve a different purpose). So although a /32 (two bits from /32) works for IPv4, a /127 (1 bit from /128) is what you need for IPv6.
- Unfortunately, the big carriers (ATT, VzB, etc.) insist that `/127` links are not allowed, and they insist that we use `/126` links with them. We must carefully test any equipment we use for that to make sure it is immune to ping pong attacks. – Ron Maupin Apr 01 '19 at 18:58
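An added example, not part of any post above: a small Python audit of a PtP address plan laid out the way the answer describes (a /64 reserved per link, a longer prefix configured on the routers). It counts the on-link addresses that neither router owns, which are the ones exposed to the ping-pong behaviour in RFC 6164 section 5.1. The link names and the 2001:db8:: documentation addresses are constructed for illustration.

```python
import ipaddress

def unowned_onlink(prefix, endpoints):
    """Count addresses inside the configured prefix that neither router owns.

    Traffic to such an address is routed onto the link, and on a link without
    neighbour discovery the far end sends it straight back, so it bounces
    until the hop limit expires (RFC 6164 section 5.1).
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    owned = {ipaddress.IPv6Address(e) for e in endpoints}
    outside = sorted(str(a) for a in owned if a not in net)
    if outside:
        raise ValueError(f"{outside} not inside {net}")
    return net.num_addresses - len(owned)

def audit(links):
    """links: iterable of (name, reserved /64, configured prefix, endpoints)."""
    findings = []
    for name, reserved, configured, endpoints in links:
        res = ipaddress.IPv6Network(reserved)
        cfg = ipaddress.IPv6Network(configured)
        if not cfg.subnet_of(res):
            findings.append((name, "configured prefix outside reserved block"))
            continue
        spare = unowned_onlink(configured, endpoints)
        if spare:
            findings.append((name, f"{spare} unowned on-link addresses"))
    return findings

# Constructed sample plan: one /127, one /126 and one full /64 link.
SAMPLE_LINKS = [
    ("core1-core2", "2001:db8:0:1::/64", "2001:db8:0:1::/127",
     ["2001:db8:0:1::", "2001:db8:0:1::1"]),
    ("core1-edge1", "2001:db8:0:2::/64", "2001:db8:0:2::/126",
     ["2001:db8:0:2::1", "2001:db8:0:2::2"]),
    ("core2-edge2", "2001:db8:0:3::/64", "2001:db8:0:3::/64",
     ["2001:db8:0:3::1", "2001:db8:0:3::2"]),
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_LINKS):
        print(f"{name}: {problem}")
```

Only the /127 link passes: the /126 leaves the two addresses the answer calls the 00 and 11 bits, and the /64 leaves nearly the whole block.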
Because IPv6 always recommends using /64 for all links.
For the second part of the question, is it a waste?
A /64 has 18,446,744,073,709,551,615, or 18 quintillion addresses.
Most IPv4 subnets are less than 255 hosts. Assume that you have a network with 255 hosts on it and they're given a /64 prefix. That means that 255 hosts are assigned a v6 address, leaving 18,446,744,073,709,551,360 addresses unused. That's over 99.99%. To be more accurate, that's sixteen 9's, or effectively 100% "waste".
Even if you had a subnet with 1,000,000 hosts on it, that's 18,446,744,073,708,551,616 wasted addresses, or still over 99.99%. Only thirteen 9's this time, but still effectively 100% "waste".
So the percentage difference between using one million addresses or two addresses on a single link is negligible.
And just so you can see what these numbers look like.
* Two hosts is 99.9999999999999999891579782751449556599254719913005828857422% unused.
* 255 hosts is 99.9999999999999986176422300809818466404976788908243179321289% unused.
* 1M hosts is 99.99999999999457898913757247782996273599565029144287109375% unused.
* 4B hosts is 99.999999976716935634613037109375% unused.
Even the entire IPv4 Internet placed on a single /64 link would leave effectively 100% of the addresses unused. When you look at the numbers like this, using anything other than a /64 on a link is just silly.

- A lot of ISPs DO use /126 for point to point links. I guess old habits die hard ;-) – Ron Trunk Feb 19 '14 at 19:08
- They do, but hopefully realizing that the *entire IPv4 Internet* is still effectively 0% of a /64 may bring some proper perspective. – bahamat Feb 19 '14 at 19:11
- One possible reason (I'm not an ISP) may be that they can take a single /64 subnet and put all of their links into it. It may make management and troubleshooting easier. – Ron Trunk Feb 19 '14 at 20:01
- @bahamat I don't think you fully answered your original question. _"Because IPv6 always recommends using /64 for all links"_ does not answer _"So why do some people recommend using /64 on P2P links instead of /126?"_. – Ryan Foley Feb 19 '14 at 20:08
- @Ron Wouldn't that seriously complicate route aggregation? i.e. blow up the ISP's internal routing tables? – Michael Hampton Feb 19 '14 at 20:19
- @MichaelHampton Some ISPs like to keep customer networks separate from uplinks (which they might consider their own networks). So they would never advertise uplinks to the Internet, only customer routes. – Ron Trunk Feb 19 '14 at 20:34
- In addition to my full answer, I wanted to comment on this one. The statement that IPv6 always recommends using /64 for all links is no longer valid. http://tools.ietf.org/html/rfc6164 – Jeff McAdams Feb 19 '14 at 20:56