[AusNOG] another ipv6 Q

Jeroen Massar jeroen at massar.ch
Thu Jul 3 15:05:39 EST 2014 

[two replies to Geordie & Robert in one]

On 2014-07-03 00:41, Geordie Guy wrote:
> How does splitting up a /32 amongst members of a professional body spam
> the tables any more than those members getting distinct PI blocks from LIRs?

It indeed does not make much of a difference in the number of routing
slots. The major difference is in filtering.

Most providers are filtering at the /32 length for the PA blocks of the
RIRS. As such, if you try to announce a more specific it will only be
accepted by a few and your routing will be hurt. You really do not want
this effect.

Note that over the long term there will be a lot more filtering happening.


On 2014-07-03 00:47, Robert Hudson wrote:
> SAGE-AU applied to APNIC for the /32 range we were allocated for this
> specific purpose.

They likely confused "can we route sub /48s out of this to our
customers" with "can we let our customers announce /48s out of that".

They are completely different things, and APNIC does not handle the latter.

>  We have been assured by APNIC

APNIC, nor any other RIR, does not guarantee routability.

> and several others that
> the block allows us to hand out completely portable /48 PI allocations
> to be routed as members see fit.

As history has shown, it will not work, thou shalt be filtered.

> At least 20 members are already doing this

GRH (grh.sixxs.net) only sees 3 more specifics in 2406:C500::/32
(2406:c500:ff4::/48, 2406:c500:fff3::/48, 2406:c500:fffd::/48).

None of these prefixes are registered in WHOIS btw as being more
specific. No inet6num nor a route6 entry. Another point where you will
be filtered on.

And to make it worse the covering /32 prefix is not there:
$ show bgp 2406:C500::/32
% Network not in table

Those prefixes are thus unreachable for most of the GRH peers which
accounts a sizeable part of the IPv6 world.

Welcome to the land of BGP filtering. This has been very well discussed
in various Internet fora over the last decade. Google also for
Cloudflare and unreachability, they have LOTS of problems too as they
think they can chunk up their PA allocation.

[..]
> You mentioned getting PI space from an LIR - we are actually
> registered as an LIR for this reason.

PI prefixes come out a completely distinct block of address space.
Space that ISPs do not filter as they know that upto /48 can come out of
that.

Hence, that /32 is being used wrong and users of it will have issues.

Better start announcing that covering /48 or better: get your users
their own disjunct PI space.

Greets,
 Jeroen

More information about the AusNOG mailing list