[6bone] Re: RFC 2772 input from RIR space holder

Petr Baudis pasky@xs26.net
Fri, 22 Nov 2002 15:17:47 +0100


Dear diary, on Thu, Nov 21, 2002 at 07:14:22PM CET, I got a letter,
where Robert Kiessling <Robert.Kiessling@de.easynet.net> told me, that...
> Petr Baudis <pasky@pasky.ji.cz> writes:
> 
> >   Basically, Jan's proposal is like: the distribution of the prefixes does not
> > need to change fundamentally, the only change required is in 6bone -> RIRs
> > connections. In such passages, 6bone sites MUST NOT announce prefix 2001::/16
> > nor any more specific prefixes matching this prefix, and RIR sites MUST filter
> > any such prefixes.
> 
> That's an interesting proposal.
> 
> However, I see one major disadvantage: The protection breaks down if
> only one of the connections between RIR and 6bone is not filtered.
> 
> The "6bone sites don't exchange 2001::/16" model looks more robust in
> this respect.

Well, the protection breaks down if the 6bone sites will break that rule (which
is *much* more likely, BTW). The protection is two-level here, 6bone site
should filter outgoing and RIR site should filter incoming. And the breakage
caused by one such a leak would be only minimal here, I believe; and as the
time will go on and the density of production v6 network will raise, the harm
will decrease exponentially. After all, Roger seemed so enthusiastic and
confident about coordinating the RIRs.. ;-)

> How would dual sites be handled? Would they count as "RIR" in this
> respect, i.e. they must filter RIR space from peerings with other
> 6bone (or dual) sites?

I think that it depends on their own internal decision - they MUST at least
filter the prefixes properly at peerings with other RIRs, they probably SHOULD
filter them on the peerings with 6bone sites as they'd protect themselves.

-- 
 
				Petr "Pasky" Baudis
.
weapon, n.:
        An index of the lack of development of a culture.
.
Public PGP key && geekcode && homepage: http://pasky.ji.cz/~pasky/