[6bone] non-global address space for IXs (was: 2001:478:: as /48)

Jeroen Massar jeroen@unfix.org
Fri, 5 Sep 2003 09:54:34 +0200


-----BEGIN PGP SIGNED MESSAGE-----

Chris Liljenstolpe wrote:

> I have to disagree here.  Having globally routable address 
> space for each hop on a network path is really, really useful for 
> troubleshooting.  We've run into issues where folks have used private
> address space in the v4 world for "private" portions of the public Internet,
> and it makes troubleshooting and operational support very painful.  Please 
> do not go down this road in v6.

2001:478::/32 is *NOT* an IX prefix. It's a normal TLA allocated
from ARIN to a LIR. If the "IX's" in that prefix want to be reachable
they should announce the /32 and handle all the AS4555 IPv6 traffic
themselves. The /32 is not and has never been present in the GRT.

Also note that the 3 IX prefixes from the RIR's nicely note that
they are quite probably not globally reachable because they are /48's.
Also note that for those 3 IX prefixes the /32 will not be announced
and those will quite probably not be reachable because of the /48's.

Note that some ISP's drop no-export's and thus simply do reannounce
prefixes coming from IX's. See my RIPE46 presentation and GRH.

Of course anyone could announce a more specific. It's up to their
peers to filter or not.

IMHO currently, at least filter anything /48 - /128 and </16.
Aka at least use Gert's "relaxed" filter:
http://www.space.net/~gert/RIPE/ipv6-filters.html

If you are thinking forward then use the "strict" filter.

Greets,
 Jeroen

> > Date: Fri, 05 Sep 2003 00:34:43 +0900 (JST)
> > To: bmanning@ISI.EDU
> > Cc: 6bone@ISI.EDU
> > Subject: Re: [6bone] 2001:478:: as /48
> > From: Akira Kato <kato@wide.ad.jp>
> >
> >
> >> this prefix has/is being carved up into /48 and /64 subnets for
> >> use at exchange points and other infrastructure support services.
> >
> >> Do not expect to see it aggregated.
> >
> > I have a question: do we need to make such a prefix assigned to
> > an exchange point reachable globally?
> >
> > Provided if every ISP uses "next-hop-self" to their I-BGP peering, the
> > addresses on an IX are used only for E-BGP peering. What do we lose if
> > nobody advertises the IX prefix globally (or even locally)?
> >
> > If the address is not globally reachable, it is impossible to send
> > packets to the routers on the IX and this will be a measure for the
> > remote DoS attack if not perfect.
> >
> > In order to make traceroute happy we may need to establish a DNS zone
> > for reverse lookup. But such a DNS server does not have to be on the
> > IX.

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1hBFSmqKFIzPnwjEQJS3ACglwf0bDfxBaMw8qiQZtd0C7kfcNgAni4Z
rxCrAjWROrtAZ93vkZOp5cns
=51ex
-----END PGP SIGNATURE-----
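
The length bounds suggested in the message above (drop /48 through /128 and anything shorter than /16), together with its point that a peer may still announce a more specific of an aggregate, as an added example that is not part of the original post or of Gert's filters. The function name, constants and sample announcements are constructed for illustration.

```python
import ipaddress

# Bounds from the message: drop /48 - /128 and anything shorter than /16.
# Constant and function names are this example's own (hypothetical).
MIN_LEN = 16
MAX_LEN = 47


def classify(prefix, aggregates=()):
    """Return (verdict, reason) for one announced IPv6 prefix."""
    try:
        # strict=True rejects prefixes with host bits set
        net = ipaddress.IPv6Network(prefix, strict=True)
    except ValueError as exc:
        return "reject", f"malformed: {exc}"
    if net.prefixlen < MIN_LEN:
        return "reject", f"/{net.prefixlen} is shorter than /{MIN_LEN}"
    if net.prefixlen > MAX_LEN:
        return "reject", f"/{net.prefixlen} is in the /48 - /128 range"
    # Passing the length check does not mean the route is the aggregate:
    # flag more specifics so the operator can decide whether to keep them.
    for agg in aggregates:
        covering = ipaddress.IPv6Network(agg)
        if net != covering and net.subnet_of(covering):
            return "accept", f"more specific of {covering}"
    return "accept", "within length bounds"


if __name__ == "__main__":
    # Constructed sample announcements, not taken from any routing table.
    known_aggregates = ["2001:478::/32"]
    sample = [
        "2001:478::/32",       # the allocation discussed in the thread
        "2001:478:8000::/33",  # a more specific that still passes on length
        "2001:478:65::/48",    # an IX-sized carve-out
        "2001:478:0:1::/64",   # a single subnet
        "2000::/3",            # far too short
        "2001:478::1/32",      # host bits set
    ]
    for p in sample:
        verdict, reason = classify(p, known_aggregates)
        print(f"{p:22} {verdict:7} {reason}")
```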