On 25/04/2017 08:16, Alastair Johnson wrote:

On 4/24/17 12:51 PM, Pieter De Wit wrote:

...

Good Morning List,

I was wondering if anyone out here (there :)) has a working config for an Alcatel 7750 to give out IPv6 to subscribers. We would like to allocate /112's as a link net between the CPE and the BNG. We then want to route a /64 or /48 over this link net. All of this is configured in Radius.

The link-nets are configure using the "wan-host" option under the subscriber interface. The /64 or /48 subnets is part of a /36 configured as the "pd" option.

From what I was reading, it appears as if the link-nets needs to be /64...surely not ?

Are you using DHCP IA_NA or SLAAC for numbering this link?

This is where the problem is going to be - we going to need DHCP, imho, but I will have to get it enabled

I'm assuming the latter, in which case, a subscriber<>BNG session is modeled as a link, and for SLAAC to work, that link is assumed to be /64.

If you're using IA_NA then why would you want a /112 in any case? You can only assign a /128 IA_NA to the subscriber host.

/128 it is - gives us more usable v6 so all good :) the /112 was trail....or just error....or let's call it "research" shall we :D

You may also find the alcatel-nsp list has more people on it for this sort of question, although I'm happy to help (here, there, or elsewhere).

I subscribed :)

AJ

This may be useful. Is work in progress, but we believe that we will reach consensus in the next RIPE meeting adding some suggestions that we got in the last weeks: º ALBARÁN.......: 02643/2557863 SERVICIO........: Ecommerce FECHA............: 20/04/2017 CLIENTE RECOGIDA.: MOREMAR SL CLIENTE ENTREGA.: ANA SUBIRATS RODRÍGUEZ CLIENTE ABONADO..: MOREMAR SL LOCALIDAD ENTREGA: IGUALADA OBS. ENTREGA TTM: HEMOS LLAMADO DURANTE TODA LA TARDE Y NADIE HA CONTESTADO, TENIAMOS 2 TELEFONOS Y NAD A -DESTINATARIO AUSENTE/CERRADO : X Regards, Jordi -----Mensaje original----- De: en nombre de Brian E Carpenter Organización: University of Auckland Responder a: Fecha: lunes, 24 de abril de 2017, 22:35 Para: Pieter De Wit , Asunto: Re: [nznog] Alcatel IPv6 PPPoE On 25/04/2017 07:51, Pieter De Wit wrote: > Good Morning List, > > I was wondering if anyone out here (there :)) has a working config for > an Alcatel 7750 to give out IPv6 to subscribers. We would like to > allocate /112's as a link net between the CPE and the BNG. We then want > to route a /64 or /48 over this link net. Please don't hand out /64s. That prevents people subnetting their IPv6 in their home or office. You can always hand out /56 if you really think /48 is too much. > All of this is configured in > Radius. > > The link-nets are configure using the "wan-host" option under the > subscriber interface. The /64 or /48 subnets is part of a /36 configured > as the "pd" option. > > From what I was reading, it appears as if the link-nets needs to be > /64...surely not ? Not unless your vendor has a pointless restriction. The only RFC in the area is https://tools.ietf.org/html/rfc6164 which recommends /127 but there's nothing to prevent /112 from working if that's what you want. Regards Brian _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz https://list.waikato.ac.nz/mailman/listinfo/nznog ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.

On 25/04/2017 09:26, Matthew Poole wrote:

http://www.inetassociation.com/ipv6subnetdesign.htm

A /64 is definitely recommended as the maximum prefix length for any purpose, even point-to-point links. 

I'm with you on finding this really disconcerting, but that paper lays out why you shouldn't go longer than /64 for your prefixes.

On a side note, save this email for 20 years - we might be re-subnetting link-net's to give Mars or the Moon some v6 space - LOL

On 25 April 2017 7:51:49 AM NZST, Pieter De Wit wrote:

...

Good Morning List,

<SNIP>

...

From what I was reading, it appears as if the link-nets needs to be /64...surely not ?

Several host providers I have used do this and it breaks OS stacks quite badly especially when containers and vnics are involved. From my own negative experiences with this (saying it's a 64 and configuring as a point to point) I wouldn't recommend doing this. Or if you are going to do it at the very least making it well know to your customers that this is the case. On 25 April 2017 at 10:44, Michael Fincham wrote:

...

A /64 is definitely recommended as the maximum prefix length for any

On Tue, 25 Apr 2017 09:26:45 +1200, Matthew Poole wrote: purpose, even point-to-point links.

...

I'm with you on finding this really disconcerting, but that paper lays

out why you shouldn't go longer than /64 for your prefixes.

I would suggest for point-to-point links that folks register them in their IPAM as a /64, but configure them on the equipment as a /127.

As far as I can tell, essentially all equipment supports this configuration, but you cut down your exposure to various bugs and bad behaviours that have cropped up in the past (e.g. ping-pong and friends).

Also stops people from being tempted to slip extra hosts in to what should be a point-to-point link.

-- Michael

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz https://list.waikato.ac.nz/mailman/listinfo/nznog

On 4/24/17 4:38 PM, Brian E Carpenter wrote:

On 25/04/2017 10:44, Michael Fincham wrote:

...

On Tue, 25 Apr 2017 09:26:45 +1200, Matthew Poole wrote:

...

A /64 is definitely recommended as the maximum prefix length for any purpose, even point-to-point links.

I'm with you on finding this really disconcerting, but that paper lays out why you shouldn't go longer than /64 for your prefixes.

I would suggest for point-to-point links that folks register them in their IPAM as a /64, but configure them on the equipment as a /127.

As far as I can tell, essentially all equipment supports this configuration, but you cut down your exposure to various bugs and bad behaviours that have cropped up in the past (e.g. ping-pong and friends).

Also stops people from being tempted to slip extra hosts in to what should be a point-to-point link.

That's true, but in principle you can do whatever the heck you like on a router-to-router link. Any equipment that actually limits you to a /64 is somewhat broken. For background: https://tools.ietf.org/html/rfc7421

The context of the original query was a BNG, and the discussion around numbering a subscriber (RG/CPE) link. SR OS (for the BNG in question) supports both unnumbered and numbered WAN links for RGs, using SLAAC (with its implicit prefix length), or IA_NA via DHCPv6. For your more typical router-to-router links, then by all means, use a /64, /127 or anything else you feel like. SR OS supports this too. AJ

On 29/04/2017, at 16:38, Andre Sencioles wrote:

...

On 25 April 2017 at 11:43, Alastair Johnson wrote: For your more typical router-to-router links, then by all means, use a /64, /127 or anything else you feel like. SR OS supports this too.

Not sure if this is still valid, but I had issues using /127's on ethernet links a couple of years ago.

My end (RouterOS) assumed the first available address to be the Subnet-Router anycast address, and listened on both addresses. Had to negotiate swapping the addresses with the other end to make it work.

Mikrotik (RouterOS) has an "interesting" (read non RFC) interpretation of how to do these "ip efficient" links. Mikrotik's solution here is to create the address on the link as a /32 or /128 and set the "network" to the other IP address you are using. They use this method internally for anything "point to point". I try avoid using this personally for /31 links myself because it behaves unusually and is too easy to get into bad habits that will cause problems in the future or with others. Regards Alexander

Andre _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz https://list.waikato.ac.nz/mailman/listinfo/nznog

On 30 April 2017 at 22:02, Pieter De Wit wrote:

The /64 linknet allows us to use SLAAC instead*** of DHCPv6, which is something that sits better with the networking guys :)

<snip>

*** I am sure that you could use DHCPv6 too, but SLAAC "sounds" like less work from an Admin point of view

If you want even less work, you could use neither on the WAN, just let them use link-local. Obviously still using stateful DHCPv6 to assign PDs for use behind the CPE. Most CPEs (IME YMMV etc), can be configured to use an IP from the PD to source traffic from. We did this initially to help alleviate host resource usage on the 7750, (3x hosts for dual stack, one for the IA_NA, IA_PD, and v4) however the newer versions of SROS have collapsed the v6 host resources into one, so this is now moot. But as we've had no issues with this in our deployment, other than the perceived scariness of not having a GUA address on the "WAN interface", we're sticking with it. -Richard