2005-1, good or bad? [Was: Re: Shim6 vs PI addressing]

Fri Mar 3 03:54:38 UTC 2006

Hello;

On Mar 2, 2006, at 5:06 PM, Iljitsch van Beijnum wrote:

> On 2-mrt-2006, at 21:42, Andre Oppermann wrote:
>
>> To answer your question: I do support the rationale behind 2005-1
>> to allow for PI address space according to current IPv4 rules but
>> I think it is premature right now to make the decision in this way.
>> Once the first /48 according to it went out we have to support and
>> carry it forever in the DFZ.  Right now I'm against 2005-1.
>
> This is in and of itself enough to reject 2005-1, and I urge the  
> ARIN constituency to do exactly that. We've had restrictive  
> policies around the world for many years now, and so far we've been  
> able to live with it. The IETF

2005-1 is fairly close to 2002-3, which has been in place for almost  
3 years, and so far we've been able to live with it.

> is making good progress with its multihoming in IPv6 efforts:  
> implementable RFCs should be forthcoming within a year. Currently,  
> IPv6 deployment is not such that lack of multihoming is creating  
> big problems. If this situation changes, a policy proposal like  
> this one can presumably be adopted fast enough to avoid significant  
> problems.
>
> I've talked long and hard about why it's bad to have nearly  
> unrestricted PI in IPv6 because the routing system can't scale  
> (either at all or at reasonable cost) to accommodate this, but  
> apparently this argument isn't universally convincing among  
> operators. However, within the IETF there is reasonable consensus  
> that there is enough of a risk to warrant efforts to provide  
> multihoming benefits that don't impact routing.
>

The IETF is at serious risk of being overtaken by events here, in my  
humble opinion. I have just returned from China, where there is a  
serious effort focused on deploying IPv6, and where there are 111  
million Internet users,
most with broadband, according to government statistics. I do not  
think that they and the other people waiting on
IPv6 are going to wait a decade for this to be sorted out.

> Also, having /48s for PI is a bad choice as it procludes easy  
> filtering of accidental deaggregated PA prefixes. ISPs are getting / 
> 32s or larger, and customers often get a /48. Deaggregating a /32  
> into /48s has the potential to increase the global routing table by  
> 65000 routes. Such an event will almost certainly overload routers  
> that don't filter those prefixes out. Experience in IPv4 shows us  
> that accidental deaggregation is relatively common. The easiest way  
> to avoid problems when this happens is filter out all /48s. Today,  
> there must already be exceptions for root server /48s, but as the  
> number of exceptions grows the filtes will become more fragile and  
> the risk of deaggregation that isn't caught by filters increases.
>

This to be honest sounds like the sort of thing that router vendors  
would love to build filters for, much
like dampening routing flaps or rate limiting MSDP storms. After all,  
an ASN going from one address block to 65,000 should be detectable  
automatically. I see no reason why this will lead to the filtering of  
all IPv6
/48's.

> Finallly, allow me to observe that deciding on this issues  
> regionally while the resulting routes must be carried world wide  
> doesn't make sense. We really need a global forum for this.

I fully agree here. Maybe a meeting should be organized in the fall  
of 2006 or early 2007 to discuss this,
either under the auspices of the NRO (http://www.nro.net) or  
independently.

Regards
Marshall