[6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation
Pekka Savola
pekkas@netcore.fi
Wed, 14 May 2003 07:39:31 +0300 (EEST)
On Tue, 13 May 2003, Michel Py wrote:
> > ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 24 le 32
>
> This could also be refined. Not all 2001::/16 has been delegated to
> RIRs. ARIN got a block, RIPE got a block, APNIC got a block, but there
> still is some undelegated space. The drawback of refining to that level
> is that it will inevitably induce a situation similar to 69/8 and will
> require maintenance, but the other side of that coin is that it would
> prevent people from hijacking prefixes from undelegated space.
>
> As an example and please correct me if wrong in the address I picked
> because it's all from memory, if I hijack and announce 2001:FEED::/32
> that would pass your filter but this prefix can't be assigned to anybody
> now as it is not part of a larger block that has been delegated to a
> RIR, so it must be a hijack.

RIRs have obtained multiple blocks, as they receive them in chunks of
/23s from IANA. (A thing I've complained about to IANA, btw.) So, they
need a new one every 2^6 = 64 allocations. That's way too often, and
maintenance would be a pain.

With current mechanisms, there's always a way to hijack space (e.g. you
could announce a slice of /32 from the /29 everyone has been reserved), we
really can't avoid it using bogon filters.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security.  -- George R.R. Martin: A Clash of Kings
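
Added example, not part of the original message: a small Python evaluator for the `ge`/`le` prefix-list semantics discussed in the thread, comparing the quoted 2001::/16 filter with a per-delegated-block refinement. The list of delegated /23 blocks and the extra sample routes are constructed for illustration and are not an authoritative IANA list.

```python
import ipaddress

def prefix_list_permits(route, base, ge, le):
    """Cisco-style 'permit <base> ge <ge> le <le>': the route must lie inside
    base and its prefix length must satisfy ge <= length <= le."""
    r = ipaddress.ip_network(route)
    b = ipaddress.ip_network(base)
    return r.subnet_of(b) and ge <= r.prefixlen <= le

# Constructed sample of /23 blocks treated as "delegated to an RIR" for this
# example only (assumption; not an authoritative list).
SAMPLE_DELEGATED = ["2001:200::/23", "2001:400::/23", "2001:600::/23"]

def loose_filter(route):
    # The filter quoted in the thread: permit 2001::/16 ge 24 le 32
    return prefix_list_permits(route, "2001::/16", 24, 32)

def refined_filter(route, delegated=SAMPLE_DELEGATED):
    # The proposed refinement: one permit entry per delegated block.
    return any(prefix_list_permits(route, blk, 24, 32) for blk in delegated)

def reservations_per_block(block_len=23, reservation_len=29):
    # Number of /29 reservations that fit in one /23 received from IANA.
    return 2 ** (reservation_len - block_len)

def evaluate(routes):
    # Map each route to (passes loose filter, passes refined filter).
    return {r: (loose_filter(r), refined_filter(r)) for r in routes}

SAMPLE_ROUTES = [
    "2001:feed::/32",  # prefix named in the quoted mail (undelegated space)
    "2001:600::/32",   # constructed: a /32 inside a sample delegated block
    "2001:601::/32",   # constructed: another /32 of the same /29 reservation
    "2001:600::/48",   # constructed: more specific than le 32 allows
]

if __name__ == "__main__":
    print(f"/29 reservations per /23: {reservations_per_block()}")
    for route, (loose, refined) in evaluate(SAMPLE_ROUTES).items():
        print(f"{route:18} loose={loose!s:5} refined={refined}")
```

The refined list rejects 2001:feed::/32, but both filters accept 2001:601::/32, since a prefix-length filter cannot tell an allocated /32 from another /32 in the same /29 reservation.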