[AusNOG] Should we be a LIR for our customers and get them PI (Was: another ipv6 Q)
Jeroen Massar
jeroen at massar.ch
Sat Jul 5 00:17:17 EST 2014
On 2014-07-04 08:47, James Andrewartha wrote:
> Hi Jeroen,
>
> On Fri, 4 Jul 2014, Jeroen Massar wrote:
>
>> Do note that anybody who is going to announce that prefix in a useful
>> manner also needs to have proper routing equipment to handle a full BGP
>> feed. The cost of that kind of equipment, the transit payments and the
>> engineers that do that will add up to a LOT more than $1200 PA :)
>
> Obviously you haven't seen what people do with cheap Mikrotiks :P

I (un)fortunately have seen them and other such setups.

They are great for starting out, but people also think they can have
more than 2 full-transits on them and have a stable connection and/or
that they can compare to the more 'professional' grade routers that are
out there ;)

I do think that it is great that such systems, or just a simple
Supermicro with a Xeon E5 and Bird or Quagga on it, exists as it does
enable a lot more people to connect to this amazing thing called the
Internet and start new businesses.

For more networks to stay on connecting though, that table size should
not be too huge as otherwise starting out on the edge will not be
possible at one point or another.

Hence this whole thread that networks do filter and that one should be
aware of not using portions of PA space as PI, as that will not work.

> More seriously, is wanting a different routing policy an acceptable reason
> for a second allocation? I can imagine ISPs might want to advertise
> separate ranges in different states, do they then need multiple /32s?

A real, full-on ISP, likely no, as they can backhaul that traffic; if
they are unable to then they are not a full-on ISP IMHO.

If you are located in two disparate locations though and do not want to
backhaul, one will have a teeny problem.

It can be partially solved by having your transits announce the /32, but
announcing more specifics to your PEERS. Note the word PEERS there,
hence not transits. Having one transit leak the more specific will cause
all traffic to go there. Hence do avoid that.

More importantly: The other side of the world does not need to know
where that traffic needs to be delivered locally.

> Even I split my IPv4 /22 into two /23s so I can advertise them out
> different links (broadly - school owned device to AARNet, non-school owned
> to commodity transit).

(You are part of the 44% of de-aggregated prefixes on the net)

> Can I ask APNIC for another PI /48 to achieve this?
> Their policies are unclear.

You would have to justify why those locations are distinct and why they
need separate routable blocks.

IMHO, using the above trick of announcing more specifics to peers and
the aggregate to transits is likely the better trick.

The other variant would be to determine if you really need your own
space (eg because of independence for whatever reason) or if you can
live with a chunk of PA of somebody else.

Note that quite a few universities/school networks in IPv6 simply use a
/48 out of the /32 they get from their NREN. Though there is a school in
Switzerland (Cantonsschule Zug) who have their own /32 that they use for
connectivity for the multiple locations that they have and for
connectivity of their students (yep, they do cable and dsl as a school).

> https://www.apnic.net/publications/media-library/documents/resource-guidelines/ipv6-guidelines
> seems to be the main one, and is somewhat contradictory. 6.2 says for
> operational, geographic or regulatory reasons your network can be
> considered as multiple discrete networks. So that covers the ISP case. My
> site is multihomed, so I qualify under 9.1.1. However the end of section 2
> says "Only one IPv6 address block is to be assigned to an organization
> upon an initial request; subnets of this block may be assigned by the
> organization to its different sites if needed."
> But you claim (in contrast to Mark) that a /56 advertisement is verboten,
> which conflicts with that.

I have not claimed that a /56 advertisement is verboten, I did not even
mention a /56 yet in this thread. But a /56 definitely will not go far
in BGP, as that is not an allocation size that the RIRs give out.

But yes, an end-site should get at minimum either a /56 or /48. Typically
a /56 is "good enough" for home networks, while a /48 should be for any
business type of situation.

IMHO for ease of assignment one should just give everybody a /48.
RIR policies allow fully for it and there are enough /48 in the global
IPv6 space to do so for a long long time. (Note that German & France
telecom both got /19s based on their /48 for every customer
justification, for /56 they would have had enough with a lot less)

Note also the differences between:

 - allocation
   RIR/NIR -> LIR
   ~/16 - /32 PA or ~/40 - /48 PI

 - assignment
   LIR -> end-site
   typically a /48, but up to a /40 happens too

 - advertisement/announcement
   What you throw into BGP
   depends on the allocation size as from the RIR, no more-specifics

See also http://www.space.net/~gert/RIPE/ipv6-filters.html

> 9.2 then does say discrete networks qualify, so if I can demonstrate the
> need APNIC should give me another /48 even though I could just as easily
> split my original /48.

Yes, you can "split" your network internally, but you should not be
announcing it that way, possibly to peers, but definitely not to transits.

> In the end there's no real difference to me, so is
> the only gain that network operators have to fill out a bit more paperwork
> to justify their operational reasons for extra prefixes to advertise for
> traffic engineering?

Indeed.

> Seems a bit like overkill IMHO, and anyone who's
> going to the effort of traffic engineering isn't going to be put off by a
> little paperwork.

Bingo.

It is a bit overkill in a way, but in the long term it might be
beneficial to the size of the routing tables, see above.

Note that you can get a /32 PA with 65k /48s, but the RIRs will never
give you 65k PI blocks for your distinct locations, you should be
aggregating those. Unless you are an insanely popular and big LIR with a
huge 200k businesses as distinct customers, but if you are then you
would not be discussing these rules here asking questions and would have
done so already ;)

Greets,
 Jeroen
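
Added example, not part of the original message: a small audit of a planned export table against the policy described above (aggregate to transits, more-specifics only to peers, nothing outside your own allocation). The prefix 2001:db8::/32 is documentation space standing in for an allocation, and the neighbor names and the session labels "peer"/"transit" are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: 2001:db8::/32 (documentation space) stands in for the
# allocation received from the RIR; neighbor names are hypothetical.
ALLOCATION = ipaddress.ip_network("2001:db8::/32")
EXPORTS = [
    ("transit-a", "transit", "2001:db8::/32"),
    ("transit-b", "transit", "2001:db8:1::/48"),   # leaked more-specific
    ("peer-ix1",  "peer",    "2001:db8::/32"),
    ("peer-ix1",  "peer",    "2001:db8:1::/48"),
    ("peer-ix2",  "peer",    "2001:db8:2::/48"),
    ("peer-ix2",  "peer",    "2001:dead::/32"),    # not our space
]

def export_decision(prefix, session_type, allocation=ALLOCATION):
    """Return (allowed, reason) for announcing prefix on one BGP session."""
    net = ipaddress.ip_network(prefix)
    if net.version != allocation.version or not net.subnet_of(allocation):
        return False, "outside our allocation"
    if net == allocation:
        return True, "aggregate"
    if session_type == "peer":
        return True, "more-specific to a peer"
    # Transit or unknown session type: fail closed.
    return False, "more-specific allowed to peers only"

def audit(exports, allocation=ALLOCATION):
    """Return a sorted list of (neighbor, prefix_or_None, problem) findings."""
    findings, transits, have_aggregate = [], set(), set()
    for neighbor, session_type, prefix in exports:
        if session_type == "transit":
            transits.add(neighbor)
        allowed, reason = export_decision(prefix, session_type, allocation)
        if not allowed:
            findings.append((neighbor, prefix, reason))
        elif reason == "aggregate" and session_type == "transit":
            have_aggregate.add(neighbor)
    # Every transit should carry the aggregate so the rest of the world
    # always has a covering route.
    for neighbor in transits - have_aggregate:
        findings.append((neighbor, None, "transit lacks the aggregate"))
    return sorted(findings, key=lambda f: (f[0], f[1] or ""))

if __name__ == "__main__":
    for finding in audit(EXPORTS):
        print(finding)
```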