Time to add 2002::/16 to bogon filters?

Fabien VINCENT (NaNOG) list-nanog at beufa.net
Mon Jul 9 13:21:31 UTC 2018


On 2018-07-06 16:43, Gary McArtor wrote:

> Hi Youssef,
> 
> My original reply wasn't sent to the Nanog list.
> 
> Team Cymru considers 2002::/16 and 192.88.99.0/24 to be legitimate
> prefixes at this time, and will not be adding them to our bogon
> filters.  Our interpretation of the 6to4 anycast RFC is that while
> these are encouraged to be made obsolete, in practice they may still
> be in use, excluding them from being universally defined as a bogon
> in our feed.
> 
> The RFC in question:
> https://tools.ietf.org/html/rfc7526
> 
> The rule, as it always should be, is to know your network, and know
> what is best for it.  As noted in the RFC you are encouraged to review
> any current deployments and any existing filtering and adjust based on
> your own discretion.
> 
> Regards,
> 
> Gary McArtor
> Team Cymru
> 
> On 6/28/18 2:32 PM, Rabbi Rob Thomas wrote:
> 
> FYI, the question has been raised.  I'm not sure if this is wise or not.
> Gary, what are your thoughts?
> 
> -------- Forwarded Message --------
> Subject: Re: Time to add 2002::/16 to bogon filters?
> Date: Thu, 28 Jun 2018 21:11:22 +0200
> From: Youssef Bengelloun-Zahr <bengelly at gmail.com>
> To: Job Snijders <job at ntt.net>
> CC: NANOG [nanog at nanog.org] <nanog at nanog.org>
> 
> Hello Job,
> 
> Thank you for this feedback. I guess that NTT adopting this as a best
> practice will ring some bells around.
> 
> Do you know if Team Cymru has updated their filters accordingly?
> 
> Best regards.
> 
> On 28 June 2018 at 20:58, Job Snijders <job at ntt.net> wrote:
> 
> Dear all,
> 
> Thank you all for your input. Just a heads-up - we deployed a few days
> ago.
> 
> NTT / AS 2914 now considers "2002::/16 le 128" and "192.88.99.0/24 le 32"
> to be bogon prefixes, and no longer accepts announcements for these
> destinations from any EBGP neighbor.
> 
> Kind regards,
> 
> Job

I think it's still used a bit? I see announcements today from the
following origin ASes over more than 2000 peers.

as1103    SURFnet bv
as1835    Forskningsnettet - Danish network for Research and Education
as2847    Kauno technologijos universitetas
as6939    HURRICANE
as16150   Availo Networks AB
as25192   CZ.NIC, z.s.p.o.
as28908   A3 Sverige AB

I'm pretty curious about the customer impact if you drop these anycast
6to4 prefixes from your RIB/FIB ;)

At home, I use the HE.net tunnel broker, because there is no native IPv6
(yes, we already lose matches against Belgium regarding IPv6 and ... beer),
and a quick dump shows traffic to 2002::/16:

> sudo tcpdump -ni any 'net 2002::/16'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
15:10:59.588097 IP6 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413 > 2001:470:1f12:dead::beef.51413: UDP, length 94
15:10:59.588233 IP6 2001:470:1f12:dead::beef.51413 > 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413: UDP, length 365

So I'm pretty sure it's still used, when no IPv6 is available from an
eyeball provider, to mount a 6to4 tunnel over a provider that has a
well-deployed IPv6 infrastructure. Perhaps some of the 6to4 tunnels can
be tuned to not use anycast prefixes?


-- 
FABIEN VINCENT
_ at beufanet_
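
The two filter entries quoted in this thread ("2002::/16 le 128" and "192.88.99.0/24 le 32"), applied to a list of announcements, as an added example that is not part of the original message or any operator's configuration. It assumes the usual prefix-list meaning of "le" (match the covering prefix and any more-specific up to that length); the sample prefixes and the 6to4 address are constructed.

```python
import ipaddress

# Prefix-list entries as quoted in the thread: (covering prefix, "le" length).
BOGON_ENTRIES = [
    (ipaddress.ip_network("2002::/16"), 128),
    (ipaddress.ip_network("192.88.99.0/24"), 32),
]

def is_bogon(prefix):
    """True if the announced prefix sits inside a covering prefix and its
    length is between the covering length and the entry's 'le' value."""
    net = ipaddress.ip_network(prefix)
    for covering, le in BOGON_ENTRIES:
        if net.version != covering.version:
            continue  # subnet_of() raises TypeError across address families
        if covering.prefixlen <= net.prefixlen <= le and net.subnet_of(covering):
            return True
    return False

def filter_announcements(prefixes):
    """Split announcements into (accepted, rejected) under the filter."""
    accepted, rejected = [], []
    for p in prefixes:
        (rejected if is_bogon(p) else accepted).append(p)
    return accepted, rejected

def embedded_ipv4(addr):
    """IPv4 address carried in bits 16..47 of a 6to4 address, else None.
    Useful for seeing which IPv4 hosts a filter change would affect."""
    return ipaddress.IPv6Address(addr).sixtofour

# Constructed sample announcements (192.0.2.0/24 is documentation space).
SAMPLE = [
    "2002::/16",           # the 6to4 prefix itself
    "2002:c000:200::/48",  # more-specific inside 2002::/16
    "192.88.99.0/24",      # 6to4 relay anycast prefix
    "192.88.99.1/32",      # more-specific inside it
    "2001:470::/32",       # unrelated IPv6 prefix
    "192.88.0.0/16",       # shorter covering prefix: not matched by "le"
]

if __name__ == "__main__":
    accepted, rejected = filter_announcements(SAMPLE)
    print("accepted:", accepted)
    print("rejected:", rejected)
    print("embedded IPv4:", embedded_ipv4("2002:c000:201::1"))
```

Running the same check against your own received routes and flow data before deploying the filter shows which sessions and which embedded IPv4 hosts would be affected.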


