What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums.

Leo Bicknell bicknell at ufp.org
Wed Nov 14 17:59:18 UTC 2012


In a message written on Wed, Nov 14, 2012 at 01:10:57PM +0000, Ben S. Butler wrote:
> I am hoping for a bit of advice.  We are rolling out IPv6 en masse now to peers and I am finding that our "strict" IPv6 ingress prefix filter is meaning a lot of peers are sending me zero prefixes.  Upon investigation I determine they have de-aggregated their /32 for routing reasons / non interconnected islands of address space and in consequence advertise no covering /32 route.  The RIR block that the allocation is from is meant to have a minimum assignment of /32.

You are conflating two different issues, which are essentially
totally unrelated.  There is the smallest size block an RIR will
allocate out of some chunk of address space, and then there is how
people announce it on the Internet.  In the real world they have
almost nothing to do with each other, something folks understand today
in IPv4 but seem to think IPv6 magically fixes; it doesn't.

[Historically there were folks who maintained filters on IPv4 space, but
they gradually disappeared as the filters became so long they were
unmaintainable, and people discovered when your job is to connect people,
throwing away routes is a bad thing.]

For instance, there are folks who could use the "multiple discrete
networks" policy to get a /48 for each of their 5 sites.  But instead
they get one /32, use a /48 at each site, and announce them
independently.  Same prefixes in the table, but filtering on the
RIR /32 boundary means you won't hear them.

I'll point out it's not just longer, but shorter prefixes as well:

> ipv6 prefix-list ipv6-ebgp-strict permit 2001:500::/30 ge 48 le 48

F-Root announces 2001:4f8:500:2e::/47.  You're going to miss it.
There are other servers in this block that are in /47's or /46's.

If connectivity is what you value, here's the right filter:

ipv6 prefix-list ipv6-ebgp-permissive permit 2001::/12 ge 13 le 48

Yes, the DOD has a /13, and yes, people expect to be able to announce
down to a /48.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
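
Added example (not part of the original message): a small Python evaluator for the ge/le prefix-list matching discussed above, comparing the strict and permissive filters over sample announcements. The second strict entry, the "permit" action on the permissive line, and all sample routes are assumptions constructed for illustration.

```python
import ipaddress

def parse_entry(text):
    """Parse 'permit|deny PREFIX [ge N] [le N]' into (action, net, lo, hi)."""
    tok = text.split()
    # strict=False masks host bits, so 2001::/12 is treated as 2000::/12
    net = ipaddress.ip_network(tok[1], strict=False)
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    if not opts:                      # no ge/le: exact length match only
        return tok[0], net, net.prefixlen, net.prefixlen
    lo = opts.get("ge", net.prefixlen)
    hi = opts.get("le", net.max_prefixlen)
    return tok[0], net, lo, hi

def evaluate(prefix_list, route):
    """First matching entry wins; a route matching nothing is denied."""
    r = ipaddress.ip_network(route)
    for entry in prefix_list:
        action, net, lo, hi = parse_entry(entry)
        if r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

# First entry is the strict line quoted in the thread; the second is a
# hypothetical exact-match /32 entry standing in for an RIR-minimum line.
STRICT = ["permit 2001:500::/30 ge 48 le 48", "permit 2001:db8::/32"]
# Permissive line from the thread, with the permit action assumed.
PERMISSIVE = ["permit 2001::/12 ge 13 le 48"]

# Constructed sample announcements (not taken from a real routing table).
ROUTES = [
    "2001:500:2e::/47",     # shorter than /48 inside the /30
    "2001:500:2f::/48",     # exactly /48 inside the /30
    "2001:db8:1::/48",      # de-aggregated site /48, no covering /32 sent
    "2001:db8::/32",        # the covering /32 itself
    "2001:db8:1:100::/56",  # longer than /48
]

def compare(routes=ROUTES):
    """Return {route: (strict_result, permissive_result)}."""
    return {r: (evaluate(STRICT, r), evaluate(PERMISSIVE, r)) for r in routes}

if __name__ == "__main__":
    for route, (strict, permissive) in compare().items():
        print(f"{route:22} strict={strict:6} permissive={permissive}")
```

The /47 and the de-aggregated /48 are the two cases the message describes: both are dropped by the strict list and accepted by the permissive one, while the /56 is dropped by both.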