[6bone] non-global address space for IXs (was: 2001:478:: as /48)

[Jeroen Massar]

-----BEGIN PGP SIGNED MESSAGE-----

Stephane Bortzmeyer [mailto:bortzmeyer@gitoyen.net] wrote:

> On Sunday 7 September 2003, at 1 h 14, 
> Gert Doering <gert@space.net> wrote:
> 
> > > address space is not globally routed, it breaks PMTU-Disc, traceroute,
> > > etc.
> > 
> > It does nothing of this, *unless* you're also doing reverse-path filtering
> > on your external links 
> 
> Even if you do not filter incoming unsollicited ICMP, many networks filter 
> incoming RFC 1918 packets and therefore you will lose the PMTU messages.

Fortunatly IX Prefixes are globally unique, so this is not the case.

Having RFC1918 or other possibly non-globally unique addresses on the
wire is a bad thing(tm). We got rid of site-locals fortunatly :)

<SNIP>

> I agree with Robert Kiessling <Robert.Kiessling@de.easynet.net> that non-announced - or 
> announced-but-filtered - addresses are *less* a problem than 
> RFC 1918, until people start filtering incoming packets whose 
> IP source address is not in an announced block...

Fortunatly the IX prefixes are well known and have been established
through global policy. Making an exception for it then would not
be a huge problem. People who filter should also be aware of the
consequences :)

>From your other reply:

> > > Note that some ISP's drop no-export's
> ...
> > And those ISPs should be flogged and have their peering sessions
> > admin-downed 
> 
> OpenTransit does it (and therefore the local replica of F.ROOT-SERVERS.NET
> in HonkKong is announced world-wide). You want to sever links with OpenTransit?

OpenTransit should be flogged in that case :)
glbx and Tiscali drop some no-export's too, they should obey it.

Greets,
 Jeroen


-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1s4ZimqKFIzPnwjEQL7pwCfSD5uN8vZEwvLtqCvurofcH1CeLUAoLv5
8R7iehxDV8S5qJgVKA2nj2rr
=Qk/o
-----END PGP SIGNATURE-----