IPv6 routing /48s

Michael Sinatra michael at rancid.berkeley.edu
Tue Nov 18 16:24:27 CST 2008


On 11/18/08 9:59 AM, Jeroen Massar wrote:
> Michael Sinatra wrote:
>> On 11/18/08 9:26 AM, Christopher Morrow wrote:
>>> On Mon, Nov 17, 2008 at 9:02 PM, Nathan Ward <nanog at daork.net> wrote:
>>>>     I wish them good luck in reaching the DNS root servers.
>>>>   They are in "critical infrastructure" space, which is a single /32
>>>> with
>>> traceroute6 to the ISC's v6 allocation(s) for f-root ... (from inside
>>> 701) oh, not working...
>>> traceroute6 to ipv6.google.com from inside 701, oh... not working either.
>>>
>>> vzb's v6 table is far from complete :( which is pretty painful.
>> And it just reinforces the fear that people have against putting AAAA
>> records in DNS for their publicly-accessible resources, especially www.
> 
> Having no route is not a problem, you should get a destination
> unreachable directly and all is fine because IPv4 should be used as a
> fallback.

Not all routers send dest unreachable (yes they should).  Not all 
firewalls pass it.  And, worst of all, we have even seen OSes that don't 
pay any attention to dest unreachables and just wait for timeouts. :(

Fortunately those latter edge cases seem to be getting fixed, but YMMV.

michael




More information about the NANOG mailing list