Skip to main content

The Case for the /127 Subnet - Part I

June 30, 2014

In my previous post I wrote about all the positives we get from the almost incomprehensibly massive IPv6 address space, all there for our enjoyment if we will just break free of our long-ingrained IPv4 address conservation mentality.

The place where we most often see the adverse effects of IPv4 conservatism is in addressing point-to-point links. I wrote about how we can be led into illogical thinking because we fail to grasp the scale we are working with: We seem to have no problem on a LAN with 5000 addresses wasting the other 264-5000 addresses, but we just can’t bring ourselves to waste 264-2 addresses on a point-to-point link. On the scale of 18 million trillion addresses, the difference between 5000 and 2 is negligible.

A bit of illogic related to this issue of subnet address size is a question I hear frequently: “Why did they use up an entire 64 bits for the Interface-ID? Why not 32 bits, which still gives us more addresses on a subnet than we would ever use and would leave us with 96 bits for prefixes?”

My answer is: Why do you care?

That’s still just a misplaced worry about waste. We could just as easily ask why they didn’t make IPv6 addresses 64 bits with 32 bits for prefixes (location) and 32 bits for Interface-ID (identity). There would probably still be more than enough addresses for the foreseeable future. And you just know that if an IPv6 address were 64 bits, there would be people asking why they didn’t make the Interface-ID 16 bits (65,536 addresses should still be more than enough for any subnet!) so that we could have 48 bits for prefixes.

Do you see the kind of rut you can get stuck in by worrying about address waste? IPv6 addresses are 128 bits, evenly divided between prefix and Interface-ID, precisely because it gives us more addresses than we can ever conceivably use. The designers hit the problem of address depletion with a really, really big hammer. Unlike IPv4, there is no expectation that you will efficiently use all the interface addresses available on a /64 subnet.

So really. Stop worrying about it.

Read the next post in this series.

Note: This post originally appeared on Network World article titled “The Case for /127 Subnets.”

Related Blogs

October 20, 2015

Check Point Kernel Debugging, In-Depth

The following is a look into the features and inner-workings of debugging the Check Point firewall kernel. This information will prepare you to debug ...

See Details

June 01, 2015

Vulnerabilities in Bluecoat SSL Visibility Appliances

Last Friday, Bluecoat and CERT published security advisories for vulnerabilities in the administrative interface of the Bluecoat SSL Visibility Applia...

See Details

May 04, 2015

How Not To Prevent CSRF in a RESTful Service

Last Friday, Bluecoat and CERT published security advisories for vulnerabilities in the administrative interface of the Bluecoat SSL Visibility Applia...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


August 24, 2017

Enterprise Incident Management Brief

Learn how Optiv’s workshop helps security leaders evolve their technical incident response practices to broad scope enterprise incident management.

See Details

July 01, 2014

The Case for the /127 Subnet - Part II

In the last post we talked about misplaced worry when it comes to wasting subnet addresses. Some of that worry stems from RFC memos on the topic. Here...

See Details

July 02, 2014

The Case for the /127 Subnet - Part III

When we left off in the previous post, we were discussing disabling NDP on Ethernet point-to-point links when using /127 prefixes. But there is anothe...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.