Is it best practice to have the internet facing BGP router's peering ip (or for that matter any key gateway or security appliance) use a statically configured address or use EUI-64 auto config?
I have seen comments on both sides and am leaning to EUI-64 (except for the VIP's like the ASA's failover ip )
-Philip
We configure customers with a statically assigned IP address for BGP peering.
They get the IP assigned to them as part of the turn-up process.
The same process happens for "IP Classic" aka v4 as v6.
- Jared
(If you are a AS2914 customer and aren't doing IPv6 with us, don't hesitate to ping me and I will get your information over to that team).
how are you going to set up the bgp session from the remote side to an
eui-64 auto configured address on your side?
best use static here. And make sure to disable RA (with fire, i.e. disable
send + receive + answering solicited requests) and EUI64. If it's a point
to point link, use a /126 or /127 netmask.
Nick
+1. I've seem some providers do /64 on their point-to-point links. I don't have an issue with that, and the whole /64 vs /126 or /127 debate has been thoroughly beaten into the ground. No need to re-hash it.
I have never seen a provider use a pseudo-dynamic address on an interface/BGP peer. Having to reconfigure a BGP session because a provider did a hardware upgrade or moved my link to a new interface would not make me happy.
jms
Hi,
Is it best practice to have the internet facing BGP router's peering ip (or for that matter any key gateway or security appliance) use a statically configured address or use EUI-64 auto config?
I have seen comments on both sides and am leaning to EUI-64 (except for the VIP's like the ASA's failover ip )
Static. You don't want to have to contact all of your peers when the EUI-64 address changes when you replace hardware.
Cheers
Sander
There are tradeoffs in both directions.
Personally I think administrative simplicity wins over security through obscurity, so I recommend each organization pick a random pair of static addresses and use those two addresses for all of their point to point links.
e.g. If your prefix for a given link is 2001:db8:xxxx:yyyy::/64, and you randomly choose the suffixes dead:beef:cafe:babe and dead:beef:cafe:feed as your end-point addresses, then the links would be numbered 2001:db8:xxxx:yyyy:dead:beef:cafe:{babe,feed}.
YMMV and I don't recommend using my examples in practice.
Owen
Agreed,
We do a /64 allocation which is reserved for each point to point link, but then subnet it to a /126 for actual use. That way we've got a /64 available if it's ever needed, while keeping the broadcast domain small for now when we don't.
JJ Stonebraker
IP Network Engineering
Grande Communications
512.878.5627
If only there was a best practices doc to help here... Oh wait there is!
http://bcop.nanog.org/index.php/IPv6_Subnetting
It doesn't specifically mention BGP so as to be protocol agnostic but
does recommend allocating a /64 and using a /126 or /127.
rfc 6164
I guess as a follow up question. Do you use the EUI-64 address as the Default gateway or the link local.
I guess as a follow up question. Do you use the EUI-64 address as the
Default gateway or the link local.rfc 6164
what's link local? does it do vrrp? 
randy