1

Besides wasting IP addresses, is there any other compelling reason to use a /31 subnet over a /30 on point-to-point links?

I am interested from a security perspective mainly. Would a /31 be more secure?

Ron Maupin
Display Name

3 Answers

6

There is no particular security advantage. RFC 3021 cites addressing efficiency as the motivation for implementing /31s.

Ron Trunk
1

You might be interested in RFC 6164: "Using 127-Bit IPv6 Prefixes on Inter-Router Links". The abstract clearly mentions security as a motivation:

On inter-router point-to-point links, it is useful, for security and other reasons, to use 127-bit IPv6 prefixes.

The security issues described are the "ping-pong issue" (routing loop) and neighbor cache exhaustion, but as mentioned in the document, for IPv4 the discussion is a bit more academic:

The ping-pong issue happens in the case of IPv4 as well. But due to the scarcity of IPv4 address space, the current practice is to assign long prefix lengths such as /30 or /31 RFC3021 on point-to-point links; thus, the problem did not come to the fore.

Gerben
  • This gives reasoning for a /127 for IPv6, but it does not give any additional security to use a /31 over a /30 in IPv4 as the OP asks. In IPv4 using either prevents the effects you describe, so it simply doesn’t provide another reason to use a /31 over a /30. – YLearn Mar 21 '18 at 16:01
  • 1
    I don't disagree, but from the question I got the impression the OP was being curious rather than trying to solve a specific problem and felt this RFC was interesting reading material in this context. Sorry, I don't mind deleting the answer if it strays too much from the point. – Gerben Mar 21 '18 at 21:19
  • While it doesn't seem to actually address the concern of the OP, I agree it does provide a relevant tangent to the OP's question (which is why I didn't down vote). – YLearn Mar 21 '18 at 22:16
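
Added example (not part of any post above, and not code from either RFC): a short Python audit that counts the addresses inside a link prefix that neither router owns, which is the quantity behind the RFC 6164 concerns, and how many links fit in a block, which is the RFC 3021 efficiency argument. The function names, the documentation-range sample prefixes, and the treatment of IPv4 network and broadcast addresses as reserved are assumptions.

```python
import ipaddress


def unowned_addresses(prefix, endpoints):
    """Count addresses in a link prefix that neither router owns.

    Assumption: on IPv4 prefixes shorter than /31 the network and broadcast
    addresses are reserved and not forwarded as ordinary unicast, so they
    are not counted as unowned.
    """
    net = ipaddress.ip_network(prefix)
    owned = {ipaddress.ip_address(e) for e in endpoints}
    reserved = set()
    if net.version == 4 and net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}
    for addr in owned:
        if addr not in net or addr in reserved:
            raise ValueError(f"{addr} is not a usable address in {net}")
    return net.num_addresses - len(owned) - len(reserved)


def links_per_block(block, link_prefixlen):
    """How many point-to-point links of the given length fit in a block."""
    net = ipaddress.ip_network(block)
    if link_prefixlen < net.prefixlen:
        raise ValueError("link prefix is larger than the block")
    return 2 ** (link_prefixlen - net.prefixlen)


# Constructed sample links (documentation address ranges, hypothetical names).
SAMPLE_LINKS = {
    "v4-slash30": ("192.0.2.0/30", ["192.0.2.1", "192.0.2.2"]),
    "v4-slash31": ("192.0.2.4/31", ["192.0.2.4", "192.0.2.5"]),
    "v6-slash64": ("2001:db8:0:1::/64", ["2001:db8:0:1::1", "2001:db8:0:1::2"]),
    "v6-slash127": ("2001:db8:0:2::/127", ["2001:db8:0:2::", "2001:db8:0:2::1"]),
}


def audit(links):
    """Return {link name: unowned address count}; non-zero needs review."""
    return {name: unowned_addresses(p, eps) for name, (p, eps) in links.items()}


if __name__ == "__main__":
    for name, count in audit(SAMPLE_LINKS).items():
        print(f"{name:12} unowned={count}")
    for length in (30, 31):
        print(f"/{length} links in 192.0.2.0/24:", links_per_block("192.0.2.0/24", length))
```
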
1

Maybe this previous question and its answers will make things clearer:

Why do I get "% Warning: use /31 mask on non point-to-point interface cautiously" when I use a /31 subnet mask?

  • 3
    One of those days when you use google to find your own answers from a long time ago. ;-) –  Mar 21 '18 at 15:20
  • 3
    It is particularly fun when you have one of those days when you Google to find an answer to your own question and come up with an answer you wrote a long time ago.... – YLearn Mar 21 '18 at 16:05