nanog mailing list archives
Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums.
From: Leo Bicknell <bicknell () ufp org>
Date: Wed, 14 Nov 2012 09:59:18 -0800
In a message written on Wed, Nov 14, 2012 at 01:10:57PM +0000, Ben S. Butler wrote:
I am hoping for a bit of advice. We are rolling out IPv6 en mass now to peers and I am finding that our "strict" IPv6 ingress prefix filter is meaning a lot of peers are sending me zero prefixes. Upon investigation I determine they have de-agregrated their /32 for routing reasons / non interconnected islands of address space and in consequence advertise no covering /32 route. The RIR block that the allocation is from is meant to have a minimum assignment of /32.
You are conflating two different issues, which are essentially toally unrelated. There is the smallest size block an RIR will allocate out of some chuck of address space, and then there is how people announce it on the Internet. In the real world they have almost nothing to do with each other, something folks understand today in IPv4 but seem to think IPv6 magically fixes, it doesn't. [Historically there were folks who maintained filters on IPv4 space, but they gradually disappeared as the filters became so long they were unmaintinable, and people discovered when your job is to connect people throwing away routes is a bad thing.] For instance, there are folks who could use the "multiple discrete networks" policy to get a /48 for each of their 5 sites. But instead they get on /32, use a /48 at each site, and announce them independantly. Same prefixes in the table, but filtering on the RIR /32 boundry means you won't hear them. I'll point out it's not just longer, but shorter prefixes as well:
ipv6 prefix-list ipv6-ebgp-strict permit 2001:500::/30 ge 48 le 48
F-Root announces 2001:4f8:500:2e::/47. You're going to miss it.
There are other servers in this block that are in /47's or /46's.
If connectivity is what you value, here's the right filter:
ipv6 prefix-list ipv6-ebgp-permissive 2001::/12 ge 13 le 48
Yes, the DOD has a /13, and yes, people expect to be able to announce
down to a /48.
--
Leo Bicknell - bicknell () ufp org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Attachment:
_bin
Description:
Current thread:
- Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums., (continued)
- Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. William Herrin (Nov 14)
- Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. Michael Smith (Nov 14)
- Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. William Herrin (Nov 14)
- Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. Michael Smith (Nov 14)
- RE: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. Ben S. Butler (Nov 14)
- RE: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. Ben S. Butler (Nov 15)
- Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. Matthew Petach (Nov 15)
- RE: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. Ben S. Butler (Nov 15)
- RE: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. Ben S. Butler (Nov 22)
- Re: What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR minimums. William Herrin (Nov 14)