2048 is only suitable for small environments. Given privacy extension and crypto addresses (i.e. SeND), only a handful nodes are sufficient to reach this limit.

In larger environment (i.e. carrier networks or university lans) the limit is easily reached directly.

So I'd like to see a limit of 16k or more for the first try to limit it from the former "unlimited".

For and end-node? If you are a router you might want tune other things as well but then it pretty much does depend on your customer size. Remember this one is per interface. Say if you are a DC router and your average customer has 1 machine with a handful of static IP addresses, even 2k on a VLAN interface is probably way too big.

Yes, I use FreeBSD for routing, not as a desktop or end node.
YMMV, please feel free to ignore my comment.

I would suggest doubling to 4k, I can think of a particular user that has some flat VLANs in a big chassis switch pair and will have a few entries per host.

And all these addresses on all these hosts always talk to all of the others?

This is lossy memory for me, maybe @shurd can poke around at some machines in DAL

ND is multicast. You might receive ND messages from others and learn (like gratious arp). Simply assume a not so intelligent switch. Consider cryptographically generated addresses or privacy extensions (up to a new address per destination and or connection)

Ok, I guess the answer will be to scale this based on memory then. As your tiny IoT device is going to run the same code as your super-huge-server in your server-farm. And while the later probably has resources to deal with 4k or 16k or 128k, the former may still keel over in rows very quickly.

count is misleading, "added" seems enhance the casual reader's understanding. Count reads like a total value.

Either add unconditionally or only if > 0

May those lines stay together?

Not sure what you mean by that? Do you mean if we can link the new before unlinking the old? If that is the question the answer is yes as it is a simple list insert/remove under the same lock.

Nit: if_name(llt->llt_ifp) ?

Nit: worth adding contract on return value here instead of/in addition to v6 part, as we'll be changing it for v4 as well.

I was under impression that physmem reflects the amount of physical memory in bytes (so effectively we end up with 16k for >4M). Am I missing something?

Sorry for responding for that late, but would it be possible to outline the logic as a comment here?
Say, start with 4 entries anyway (as the safe bet), and do binary increase starting from 16M, while retaining 16k as maximum?

Give llt_entries has been added to the llt_table, would it be possible to move accounting to the core llt functions? Similar problem (though less severe) exists in IPv4 world as well.

Sorry, would it be possible to move this block under the lltable_unlink_entry() ?
If we have too many entries we may end up locking ln_tmp and then returning without deleting/unlocking it.

The ln_tmp value is extracted and immediately tested. Now new code is moved upwards between those lines. I do not grasp, why this code needs to stay between those lines of ln_tmp

OK. What if I update the patch, move the logic into the base functions (no longer needing to have IPv6 special functions), add the maximum where I put the llt_spare spare field and make the SYSCTL a proc function which on write loops over the tables of the given protocol family and updates the table limits (I'd love to think about an improved, pro-active expiry mechanism in the future but not complicate things now in the first pass). Does that sound better?

Oh I missed the LLE_EXCLUSIVE; I'll fix that. Thanks a lot for catching this!
The idea was not to change the current status if we cannot insert.

Certainly, sounds awesome!

Nit: can we have it bool?

Nit: worth converting to bool this as well