nanog mailing list archives

Re: IPv6 foot-dragging

From: Matthew Petach <mpetach () netflight com>
Date: Fri, 13 May 2011 09:42:08 -0700

On Fri, May 13, 2011 at 12:56 AM, Iljitsch van Beijnum
<iljitsch () muada com> wrote:

On 13 mei 2011, at 2:39, Jimmy Hess wrote:

if the user starts obtaining
multiple non-aggregable /48s  from different sources,  or obtains an
additional PI allocation later, but
keeps using the original /48.


Simple: make a rule that you don't get more than one PI block, and if you want a bigger one you have to return the 
old one. Oh wait, people use PI because they want to avoid renumbering? It was never meant for that. Maybe a good 
incentive to ask for the right size block in the first place.

The current RIR practice to reserve a /44 when a /44 is given out is a very bad one. It assures unfilterability, 
because now you have random sizes from /44 to /48 in the parts of the address space used for PI. And if say, 64k /48s 
are given out the space actually holds 1M /48s so if someone wants to blow up the IPv6 internet they can just start 
announcing a million /48s and our filters are powerless.


Well, that one particular "someone" should at most be announcing 16
/48s (their deaggregated /44).

If they announce a million /48s, they're actively hijacking space from
64,000 other people,
and should be dealt with in an appropriate manner as a hijacker.  :/

People are conflating two different issues here.

RIR policy is not, and never has been, structured to
prevent or punish active, realtime hijacking of IP space.

The *only* thing that will prevent that, in real-time are
techniques like PGBGP or so-BGP.  Not RIR policies.

Now, RIR policies may provide guidelines on what policies
you may use to configure your BGBGP or soBGP rules;
but the enforcement and protection side is up to you
as an ISP, not up to the RIR.

I have always been, and will continue to be, adamantly
opposed to the idea of the RIRs taking on the role
of the "routing table" and "forwarding table" police.  :(

Matt
(as a side note--in order to have your "million /48s"
table explosion happen through *legitimate* holders
of space deaggregating, it would require 64K individual
choices to deaggregate in order to have that happen;
we don't even have that many ASNs out there yet.  I'm
not losing sleep over that at this point.)

Current thread:

Re: IPv6 foot-dragging, (continued)
- - - Re: IPv6 foot-dragging Joe Loiacono (May 12)
    - Re: IPv6 foot-dragging Jeroen Massar (May 12)
    - Re: IPv6 foot-dragging Mikael Abrahamsson (May 12)
    - RE: IPv6 foot-dragging George Bonser (May 12)
    - Re: IPv6 foot-dragging Martin Millnert (May 12)
    - RE: IPv6 foot-dragging George Bonser (May 12)
    - Re: IPv6 foot-dragging Owen DeLong (May 12)
    - Re: IPv6 foot-dragging Jimmy Hess (May 12)
    - Re: IPv6 foot-dragging Jeff Wheeler (May 12)
    - Re: IPv6 foot-dragging Iljitsch van Beijnum (May 13)
    - Re: IPv6 foot-dragging Matthew Petach (May 13)
    - Re: IPv6 foot-dragging Iljitsch van Beijnum (May 13)
    - Re: IPv6 foot-dragging Joe Loiacono (May 12)
    - Re: IPv6 foot-dragging Jeroen van Aart (May 13)
    - Re: IPv6 foot-dragging Bernhard Schmidt (May 12)
    - Re: IPv6 foot-dragging Joel Maslak (May 12)
    - Re: IPv6 foot-dragging Jeroen van Aart (May 12)
    - Re: IPv6 foot-dragging Iljitsch van Beijnum (May 12)