<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [lir-wg] Discussion about RIPE-261

  • To: Michel Py < >
  • From: Gert Doering < >
  • Date: Tue, 27 May 2003 23:32:39 +0200
  • Cc: Gert Doering < >
hi,

On Tue, May 27, 2003 at 01:14:27PM -0700, Michel Py wrote:
> > The *benefit* of "/48 multihoming" is that you can filter those
> > routes if you don't want to see them - then your routers will
> > send packets down the /32 road, and eventually hit a router
> > that knows about the /48 (which is why I consider this approach
> > superior to "everybody gets a independent prefix", which I can't
> > properly aggregate).
> 
> This does _not_ work in at least two cases:
> 
> - If someone implements RPF checks and someone else filters.

Strict RPF check will break as soon as you have asymmetric routing, which
you usually can't avoid if you filter on upstream/peering lines.  So doing
that in the first place is a bad idea.  The RPF filter belongs on the
customer line (and will not hurt in this case).

> - If the primary ISP (the one that announces the /32) dies. The site is
> dead as well. This is the #1 reason why organizations do multihome: they
> want to be up even if their primary ISP tanks.

If the ISP dies hard enough so that their prefix will disappear, they 
won't be visible to people that filter on /32 boundaries and have no
fallback default route to one of their upstreams.

But so what.  If one of their upstream ISPs messes up seriously enough,
they can always hurt their downstream customers' routing (by announcing
the prefix and then blackholing internally, for example).

> Please look at the following (4 slides, very short)
> http://arneill-py.sacramento.ca.us/ipv6mh/pa_holes.ppt
> Then come back to me and tell me that PA holes and filtering work
> together.
> The slides should be self-explanatory but they were designed for live
> presentation. I do welcome questions.

Can't check those slides right now, now proprietary-file-format-viewer
available, sorry.  Will check tomorrow.

But besides your slides, experience from "what's out there" (in IPv4 land)
shows that the concept of PA holes works pretty well - for certain kinds
of problems.  It's not a panacea, but neither is any other approach.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  54837  (54495)

SpaceNet AG                 Mail: netmaster@localhost
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299
  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>