Building network automation solutions

9 module online course

Start now!


  1. Really? Use /64 everywhere? And make that many neighbor entries possible?! Terrible advice.
    1. Yeah, what are they thinking? The next thing you know, they'll be telling us to run BGP across the DC core or to use layer 3 switches. Oh wait, what year is it?
    2. Nice try, fanboy. BGP != 18,446,744,073,709,551,616 potential entries in a finite table, or using massive address spaces because it's "too hard" to subnet.

      This is the stuff of charlatans.
    3. Just because a vendor messed up their hardware so that they do NDP snooping before ingress ACL doesn't mean that "using /64 everywhere" is a bad advice. And BTW, I was writing about that years ago...

      Not sure whether that particular vendor fixed their bug, but I'm positive this myth will persist for decades.

      Also, if you're that security conscious, why don't you use LLA for non-edge interfaces?
    4. Also, dear Anonymous, do check the /64 table sizes versus LPM table sizes on data center switches. Many of them have interesting limitations for prefixes longer than /64.
  2. I'm migrating LAN to IPv6. What happens with address selection if I want to use IPv6 ULA for LAN only and IPv4 for Internet?
    Will it work? Or Windows will prefer ULA for Internet and fail?
    1. As soon as the host gets a AAAA response to the DNS query, it will try to reach the IPv6 address of the server.

      Happy Eyeballs should take care of web browsing, everything else will experience various levels of brokenness.

      Long story short: don't do it.
    2. Thanks. But with the new OS is almost a necessity to configure IPv6 inside and the ISP doesn't give IPv6 outside yet. So what can we do? Maybe, dual stack inside with ULA, and IPv4 outside with NAT64 and DNS64?
    3. The hosts that desperately need IPv6 (primarily Windows Server) will use either LLA or 6-over-4 (in whatever form).

      Don't claim to have what you don't have.
Add comment