Re: Why ULA: low collision chance (Was: IPv6 fc00::/7 — Unique local addresses)

Ray Soucy rps at maine.edu
Fri Oct 22 11:07:41 CDT 2010


It's amazing how much of a problem you think leaking of prefixes is...

I don't know about you, but I'm pretty strict about what prefixes I
allow to be advertised up to me from people we service.

I'm not sure having a random private prefix will make much of a
difference, since it sounds like fat-fingering a GUA and hijacking a
real prefix is just as (or even more) likely.

I think the original point was that if you do decide to use ULA, then
stay in FD00::/8 and not FC00::/7, there is no way to force people to
follow the RFC for something thats non-routed unless we involve
vendors.

If it sounds like a good idea to include the random 40-bit segment and
you can tolerate having non-routed addresses be a little more
difficult to remember, then go for it.  If you don't follow the RFC
and it bites you because of a merger in the future, then it's your own
fault and you haven't affected anyone.

In the vast majority of environments, even if this space did leak out
into the global table and wasn't filtered at all, you would probably
still maintain normal operation because your non-routed networks would
be a shorter path than anything advertised back down to you.

Do we really need 80 messages talking about the dangers of leaking?
Perhaps you should see your doctor if its that big of a problem.  I
think there are some drugs to fix that problem these days...

The obvious assumption is that anyone who is providing IPv6 transit is
already protecting themselves appropriately, just as they already do
in the IP world.

On Fri, Oct 22, 2010 at 11:40 AM, Owen DeLong <owen at delong.com> wrote:
>
> On Oct 22, 2010, at 5:25 AM, William Herrin wrote:
>
>> On Fri, Oct 22, 2010 at 1:20 AM, Joel Jaeggli <joelja at bogus.com> wrote:
>>> On 10/21/10 6:38 PM, Owen DeLong wrote:
>>>> On Oct 21, 2010, at 3:42 PM, Jack Bates wrote:
>>>>> On 10/21/2010 5:27 PM, Joel Jaeggli wrote:
>>>>>>
>>>>>> Announce your gua and then blackhole it and monitor your prefix.
>>>>>> you can tell if you're leaking. it's generally pretty hard to
>>>>>> tell if you're leaking rfc 1918 since your advertisement may well
>>>>>> work depending on the filters of your peers but not very far.
>>>>>
>>>>> This is always the argument I hear from corporate customers
>>>>> concerning wanting NAT. If  mistake is made, the RFC 1918 space
>>>>> isn't routable. They often desire the same out of v6 for that
>>>>> reason alone.
>>>
>>> the rfc 1918 space is being routed inside almost all your adjacent
>>> networks, so if their ingress filtering is working as expected, great,
>>> but you're only a filter away from leaking.
>>
>> A filter away from leaking to -one- of the millions of entities on the
>> internet. Two filters away from leaking to two.
>>
> This underestimates the transitive property of leakage.
>
> Owen
>
>
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/




More information about the NANOG mailing list