alt Hacker NewsI have not had a deal with this, but if I was going to, I would start at the /64 and move up by nibble (4-bit) boundaries: /64, /60, /56, /52, /48.
/56 is often recommended as the minimum as for a (residential) customer. /48 is considered a "site" address prefix, and is the smallest allocation that can be advertised in BGP:
* https://blog.apnic.net/2020/06/01/why-is-a-48-the-recommende...
* https://www.infoblox.com/blog/ipv6-coe/a-48-for-every-site-a...
You get 65k subnets with it, which is what you get with 10/8.
Replies
roryirvine • yesterday at 3:29 PM
Yes, /64 is a reasonable starting point for blocking outright, but /48 is the right unit for scoring reputation.
APNIC blog says /48 prefixes are for global routing, i.e. site=country there, not web server.
>/48 is the minimum prefix size that will be routed globally in the BGP.