In the last post we talked about misplaced worry when it comes to wasting subnet addresses. Some of that worry stems from RFC memos on the topic.
Here’s some background: RFC 4291, Section 2.5.4, explicitly states that the IPv6 Interface-ID is /64 for all global unicast addresses. It doesn’t say “except if you’re worried that you’re being wasteful.”
And just to make things clearer for folks that were insisting on using /127s on point-to-point links, we had RFC 3627 that says, right in the title, “Use of /127 Prefix Length Between Routers Considered Harmful.”
Then along comes RFC 6164 that says the use of /127 prefixes on point-to-point links is just fine and dandy after all. In fact, RFC 6547 moves 3627 to historical (obsolete) status, superseded by 6164.
Confused yet? It’s really not that complicated.
RFC 3627 Is Obsolete for Good Reason
The main justification for RFC 3627’s conclusion that /127 prefixes are harmful has to do with Subnet-Router Anycast addresses. These are addresses in which the prefix is intact, but the Interface-ID bits are all set to zero. So the address is scoped to a specific subnet by the prefix, but the identity portion of the address is unspecified. A device can send packets to the Subnet-Router Anycast address and they will be picked up by a router attached to the subnet. RFC 4291 requires that routers support the Subnet-Router Anycast address. The idea is that an application can use this address to communicate with “any one of the set of routers” on a subnet, although it isn’t made clear why an application would use this Anycast rather than the All-Routers multicast address.
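The Subnet-Router Anycast definition above, as an added example that is not part of the original post: a short Python audit that derives the anycast address for each configured interface address and flags any address that coincides with it. The addresses are constructed samples from the 2001:db8::/32 documentation prefix, and the function names and status labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: interface addresses as they might appear in router configs.
SAMPLE = [
    "2001:db8:0:1::/127",   # first address of a point-to-point /127
    "2001:db8:0:1::1/127",  # second address of the same /127
    "2001:db8:0:2::1/64",   # ordinary /64 interface address
    "2001:db8:0:3::/64",    # all-zero Interface-ID on a /64
]

def subnet_router_anycast(iface: str) -> ipaddress.IPv6Address:
    """Prefix bits intact, every bit after the prefix set to zero."""
    return ipaddress.IPv6Interface(iface).network.network_address

def audit(ifaces):
    """Return (address, anycast, status) for each configured address.

    Status labels (hypothetical, for this example only):
      ok                  - address differs from the Subnet-Router Anycast address
      anycast-overlap     - address equals the anycast address of its subnet
      anycast-overlap-127 - same overlap on a /127; RFC 6164 expects
                            Subnet-Router anycast to be disabled for that prefix
      host-route          - /128, no subnet and therefore no anycast address
    """
    findings = []
    for text in ifaces:
        iface = ipaddress.IPv6Interface(text)
        anycast = iface.network.network_address
        plen = iface.network.prefixlen
        if plen == 128:
            status = "host-route"
        elif iface.ip != anycast:
            status = "ok"
        elif plen == 127:
            status = "anycast-overlap-127"
        else:
            status = "anycast-overlap"
        findings.append((text, str(anycast), status))
    return findings

if __name__ == "__main__":
    for addr, anycast, status in audit(SAMPLE):
        print(f"{addr:24} anycast={anycast:18} {status}")
```

On a /127 only two addresses exist, so one end of the link always lands on the all-zero address; the audit makes that overlap visible per interface.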
Here’s the scenario that supposes /127 prefixes to be harmful:
That sounds like a big problem, but there are a couple of things to know:
DAD is useful for Address Autoconfiguration mechanisms and for Neighbor Discovery Protocol, both of which have limited utility on point-to-point links. An easy bit of insurance, if your router operating system supports it, is to disable DAD on your point-to-point links. Many point-to-point technologies such as SONET do not use NDP, but if you are using Ethernet for point-to-point links, you probably will need to manually disable NDP.
Note: This post originally appeared as a Network World article titled “The Case for /127 Subnets.”