Comment by jandrese

6 days ago

Point of fact it's giving 4 billion Internets' worth of addresses to every local subnet.

You will sometimes see admins complain that IPv6 demands that you allow ICMP (at least the TOOBIG messages) through the firewall because they're worried that people on the internet will start doing pingscans of their network. This is because they do not understand what 2^64 is.

And won't that allow pingscans?

  • Do the math on 2^64 possible host addresses, multiply by the length of an IPv6 ICMP ECHOREQUEST, and then divide by available bandwidth to determine how long it might take you to scan a single subnet.

    Hint: the ICMPv6 packet is no shorter than 48 bytes and there are 1.8446744e+19 addresses to scan.