[ipv6-wg at ripe.net] RE: /48 micro allocations for v6 root servers, was: national security
- Previous message (by thread): [ipv6-wg at ripe.net] RE: /48 micro allocations for v6 root servers, was: national security
- Next message (by thread): [ipv6-wg at ripe.net] RE: /48 micro allocations for v6 root servers, was: national security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Kessens
david at iprg.nokia.com
Wed Dec 10 02:10:47 CET 2003
Jeroen, Would you be willing to put a presentation together regarding all the 'special' ranges of addresses that you have found/know about so that we can have a discussion regarding this topic on the next RIPE meeting? Thanks, David K. PS The RIPE meeting is coming up in January so I am very much interested in input for agenda items! --- On Tue, Dec 09, 2003 at 12:20:20AM +0100, Jeroen Massar wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Gert Doering [mailto:gert at space.net] wrote: > > > On Mon, Dec 08, 2003 at 10:01:53PM +0100, Jeroen Massar wrote: > > > There are currently quite some ISP's who filter anything >/35. > > > Generally ISP's should be filtering on allocation boundaries. > > > Thus if a certain prefix is allocated as a /32, they should not > > > be accepting anything smaller (/33, /34 etc) > > > > There is no commonly agreed-upon best practice for this yet. > > Some ISP's do it, most don't. > > Btw CH-SUNRISE-20031124 = 2001:1700::/27, so Libertel isn't the > biggest girl on the block anymore with their /31 :) > > > We do *not* suppress more-specifics from those address blocks, as we > > think it's a legitimate wish for certain networks to be multihomed, > > and currently there is no other solution than to go for the pragmatic > > approach, and just announce a /40 or even /48. > > > > I agree that things that are more specific than a /48 should not be > > out there. > > Indeed. And yes there are ISP's announcing /128's etc. > And private ASN's for that matter or even using them as transit. > > <SNIP> > > > As you cite my page, you will also know that it does not make a specific > > recommendation on the subject of "filtering things between /35 and /48"... > > Yups and I fully support that argument. > > If it was done we would currently see 413 prefixes, those are the > 'allocated' prefixes that are getting announced. > In GRH each of the ~30 peers have an average of 459 prefixes. > Checking just know, the highest number of prefixes send to GRH > was 515 prefixes, which is far from the 20k or even 30k if all > the ASN's would announce 1 IPv6 prefix. > > At the moment that is certainly no problem and it shouldn't be > for years to come, unless IPv6 really takes off. Google/Doom3 IPv6 anyone? > > The biggest advantage that IPv6 already has is that a single > ISP already gets enough space, thus it doesn't need to > > Iljitsch van Beijnum [mailto:iljitsch at muada.com] wrote: > > > On 8-dec-03, at 22:01, Jeroen Massar wrote: > > > > > There are currently quite some ISP's who filter anything >/35. > > > Generally ISP's should be filtering on allocation boundaries. > > > Thus if a certain prefix is allocated as a /32, they should not > > > be accepting anything smaller (/33, /34 etc) > > > > So how are ISPs supposed to know what the allocation size for a > > particular prefix is? This type of filtering only works if the filter > > list is relatively short and pretty much never changes. Anything else > > and the cure is worse than the disease. > > The proposed "Redistribution of Cooperative Filtering Information" draft > could help out there which allows one to redistribute 'good prefix' lists. > See https://www1.ietf.org/mail-archive/working-groups/idr/current/msg00201.html > for the draft or http://arneill-py.sacramento.ca.us/redisfilter.ppt for > the presentation given in Minneapolis. > > Without that or a similar system, it would be a pain indeed. > That's why I pointed to Gert's page which has a better and > currently working solution. > > <SNIP> > > > > Currently the !3! IX blocks (2001:7f8::/32 + 2001:504::/32 + > > > 2001:7fa::/32) > > > are seen being announced in pieces too. Maybe these IX blocks, which > > > are common already could be used for assigning 'critical infra' from? > > > > Note that announcing the actual prefix for an internet exchange subnet > > tickles an undesirable BGP feature in places where the prefix isn't > > filtered, so these prefixes are best not announced. > > As far as I can see with the GRH tools etc, all the prefixes > that are allocated as "IX Prefixes" and those that are in use > are currently visible worldwide. > > > The allocations seem to be /48s and not /64s though, so in > > practice this shouldn't be a problem but still no reason why > > these should be globally visible. > > The only reason I heared so far is so that people in Tokio can > ping the IX interface in London or a similar kind of scenario. > They argue that it is handy for debugging. My take is that if > it isn't your network, you can't fix it either, so if a traceroute > ends on that box, contact them, they can really figure it out. > > > Root nameservers are a very different story of course... > > A /32 contains 65k /48's, so these IX blocks could provide for > enough /48's for 65k IX's, thus unless that switch at the back > of my desk, which connects 'neighbours' too is to be called an > IX, because they have a linux router and me too and they speak > BGP is going to be called an IX it shouldn't be a problem if > the same block is used for 26? and maybe 3 tld servers per country. > > At least everybody will know that that /32 will have more specifics. > > Greets, > Jeroen > > -----BEGIN PGP SIGNATURE----- > Version: Unfix PGP for Outlook Alpha 13 Int. > Comment: Jeroen Massar / jeroen at unfix.org / http://unfix.org/~jeroen/ > > iQA/AwUBP9UHMymqKFIzPnwjEQLiLwCgta1mOkrixvXcZD8mTLheePv9ERYAn3GK > Rt2Hp+dk8HVBDuFaub0lf6Rt > =OqJO > -----END PGP SIGNATURE-----
- Previous message (by thread): [ipv6-wg at ripe.net] RE: /48 micro allocations for v6 root servers, was: national security
- Next message (by thread): [ipv6-wg at ripe.net] RE: /48 micro allocations for v6 root servers, was: national security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]