Re: Why ULA: low collision chance (Was: IPv6 fc00::/7 — Unique local addresses)

William Herrin bill at herrin.us
Sat Oct 23 01:10:21 UTC 2010


On Fri, Oct 22, 2010 at 11:40 AM, Owen DeLong <owen at delong.com> wrote:
> On Oct 22, 2010, at 5:25 AM, William Herrin wrote:
>> On Fri, Oct 22, 2010 at 1:20 AM, Joel Jaeggli <joelja at bogus.com> wrote:
>>> On 10/21/10 6:38 PM, Owen DeLong wrote:
>>>> On Oct 21, 2010, at 3:42 PM, Jack Bates wrote:
>>>>> On 10/21/2010 5:27 PM, Joel Jaeggli wrote:
>>>>>>
>>>>>> Announce your gua and then blackhole it and monitor your prefix.
>>>>>> you can tell if you're leaking. it's generally pretty hard to
>>>>>> tell if you're leaking rfc 1918 since your advertisement may well
>>>>>> work depending on the filters of your peers but not very far.
>>>>>
>>>>> This is always the argument I hear from corporate customers
>>>>> concerning wanting NAT. If a mistake is made, the RFC 1918 space
>>>>> isn't routable. They often desire the same out of v6 for that
>>>>> reason alone.
>>>
>>> the rfc 1918 space is being routed inside almost all your adjacent
>>> networks, so if their ingress filtering is working as expected, great,
>>> but you're only a filter away from leaking.
>>
>> A filter away from leaking to -one- of the millions of entities on the
>> internet. Two filters away from leaking to two.
>>
> This underestimates the transitive property of leakage.

Owen,

Just for grins, let's put some rough math to that assertion. The
average percentage of the Internet reached by a ULA or RFC1918 leak
will be close to:

(1-A)^B

A = the probability of any given organization filtering private
address announcements and/or private address packets at their borders
B = the average width of the Internet in organizations (which should
be slightly higher than the width in ASes)

So filling in example numbers for the equation, if 50% filter
announcements or packets and the Internet is an average of 10
organizations wide then the scope of an address leak is:

(1-0.5)^10 = 0.5 ^ 10 = 0.1% of the Internet reached by the leak.

In that scenario, the leak is in a very real sense one thousandth as
serious as if the leak had been from GUA space which all of the
organizations make an effort to carry. And that's assuming that fully
half the organizations on the Internet just don't bother trying to
filter RFC1918 or ULA use from their public networks.

If 75% filter then a whopping 0.0001% of the Internet is reached by the leak.

Now, if only 10% filter then your leak reaches a largish 6% of the
Internet. That's a worry for someone hoping for some security benefits
to not using GUA space but it's far too little to support this bizarre
concern that ULA space would somehow supplant GUA space on the public
Internet and explode the routers.


Of course, I make no claim to know what the correct two constants are
in that equation. Perhaps the Internet is thinner. Perhaps nobody
filters egress packets despite years of proselytizing. Perhaps the ISP
peering interconnectedness corrupts the combinatorics I used to derive
the equation in a more substantial fashion than is obvious.

Or perhaps your worry about route leakage from non-GUA space really is
as overblown as the math suggests.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
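To put the (1-A)^B estimate, and Bill's own caveat about peering interconnectedness, to a quick test, here is an added Python simulation that is not part of the thread: every organization filters independently with probability A, a leaked prefix spreads only through organizations that do not filter, and the fraction of the network reached is compared with (1-A)^B, where B is the mean hop distance measured from the leaking organization. The chain and meshed topologies are constructed for the example, not drawn from any real AS graph.

```python
import random
from collections import deque

def closed_form(filter_rate, width):
    """Bill's estimate (1-A)^B: A = filter rate, B = width in organizations."""
    return (1.0 - filter_rate) ** width

def bfs_distances(adj, source, passable=None):
    """Hop counts from source, walking only through nodes passable() accepts."""
    dist, queue = {source: 0}, deque([source])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist and (passable is None or passable(v)):
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def mean_width(adj, source=0):
    """Average hop distance from the leaking organization (the 'B')."""
    dist = bfs_distances(adj, source)
    return sum(d for n, d in dist.items() if n != source) / (len(adj) - 1)

def leak_reach(adj, filtering, source=0):
    """Fraction of other orgs that receive the leaked prefix. A filtering org
    drops it at its border, so it neither accepts nor re-announces it."""
    dist = bfs_distances(adj, source, passable=lambda n: not filtering[n])
    return (len(dist) - 1) / (len(adj) - 1)

def simulate(adj, filter_rate, trials=2000, seed=1):
    """Monte Carlo mean of leak_reach, each org filtering independently."""
    rng, total = random.Random(seed), 0.0
    for _ in range(trials):
        filtering = [rng.random() < filter_rate for _ in adj]
        filtering[0] = False  # the leaking org does not filter its own prefix
        total += leak_reach(adj, filtering)
    return total / trials

def chain(n):
    """Constructed topology: n orgs in a line, leak source at one end."""
    return [[j for j in (i - 1, i + 1) if 0 <= j < n] for i in range(n)]

def meshed(n, extra_edges, seed=1):
    """Constructed topology: a chain plus random extra peering links."""
    rng, adj = random.Random(seed), [set(nb) for nb in chain(n)]
    while extra_edges > 0:
        u, v = rng.sample(range(n), 2)
        if v not in adj[u]:
            adj[u].add(v); adj[v].add(u); extra_edges -= 1
    return [sorted(s) for s in adj]
```

On a bare 11-organization chain with A = 0.5, simulate(chain(11), 0.5) averages close to 10% while closed_form(0.5, mean_width(chain(11))) gives about 2%, because the organizations a hop or two away dominate the average; comparing the two on meshed(11, 8) shows how extra peering links shift both numbers.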
