[6bone] non-global address space for IXs (was: 2001:478:: as /48)

Chris Liljenstolpe <cds@io.com>
Fri, 05 Sep 2003 15:26:42 -0400


Greetings,

        Thanks, Jeroen.  That's not what I was specifically referring to,
btw.  I was referring to a proposal to make IX addresses non-globally
routed, which I think is a bad idea.

        Chris


--It is whispered that on 2003-09-05 09:54 +0200, jeroen@unfix.org mumbled
this regarding RE: [6bone] non-global address space for IXs (was:
2001:478:: as /48)

> Chris Liljenstolpe wrote:
>
>> I have to disagree here.  Having globally routable address
>> space for each hop on a network path is really, really useful for
>> troubleshooting.  We've run into issues where folks have used private
>> address space in the v4 world for "private" portions of the public
>> Internet, and it makes troubleshooting and operational support very
>> painful.  Please do not go down this road in v6.
>
> 2001:478::/32 is *NOT* an IX prefix. It's a normal TLA allocated
> from ARIN to a LIR. If the "IX's" in that prefix want to be reachable
> they should announce the /32 and handle all the AS4555 IPv6 traffic
> themselves. The /32 is not and has never been present in the GRT.
>
> Also note that the 3 IX prefixes from the RIR's nicely note that
> they are quite probably not globally reachable because they are /48's.
> Also note that for those 3 IX prefixes the /32 will not be announced
> and those will quite probably not be reachable because of the /48's.
>
> Note that some ISP's drop no-export's and thus simply do reannounce
> prefixes coming from IX's. See my RIPE46 presentation and GRH.
>
> Of course anyone could announce a more specific. It's up to their
> peers to filter or not.
>
> IMHO currently, at least filter anything /48 - /128 and </16.
> Aka at least use Gert's "relaxed" filter:
> http://www.space.net/~gert/RIPE/ipv6-filters.html
>
> If you are thinking forward then use the "strict" filter.
>
> Greets,
>  Jeroen
>
>> > Date: Fri, 05 Sep 2003 00:34:43 +0900 (JST)
>> > To: bmanning@ISI.EDU
>> > Cc: 6bone@ISI.EDU
>> > Subject: Re: [6bone] 2001:478:: as /48
>> > From: Akira Kato <kato@wide.ad.jp>
>> >
>> >
>> >> this prefix has/is being carved up into /48 and /64 subnets for
>> >> use at exchange points and other infrastructure support services.
>> >
>> >> Do not expect to see it aggregated.
>> >
>> > I have a question: do we need to make such a prefix assigned to
>> > an exchange point reachable globally?
>> >
>> > Provided if every ISP uses "next-hop-self" to their I-BGP peering, the
>> > addresses on an IX are used only for E-BGP peering. What do we lose if
>> > nobody advertises the IX prefix globally (or even locally)?
>> >
>> > If the address is not globally reachable, it is impossible to send
>> > packets to the routers on the IX and this will be a measure for the
>> > remote DoS attack if not perfect.
>> >
>> > In order to make traceroute happy we may need to establish a DNS zone
>> > for reverse lookup. But such a DNS server does not have to be on the
>> > IX.
>
> Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/
>
>



-- 
Chris Liljenstolpe
GPG Keys: http://www.io.com/~cds/cdl-keys.asc