[AusNOG] Should we be a LIR for our customers and get them PI (Was: another ipv6 Q)

Jeroen Massar jeroen at massar.ch
Sat Jul 5 18:48:33 EST 2014 

On 2014-07-05 03:49, Robert Hudson wrote:
> Hi Jeroen,

(I am sure the rest of the list has input on this too ;)

> Sorry for top-posting, I am on a mobile device.

(You are starting a new thread, not directly related to the previous
reply, IMHO better indicate that with a subject change / new msg)

> I spoke before of SAGE-AU, but this post now comes from my other
> "persona" - that of an employee of a multinational organisation.

Multi-national of which size in each location?

Address space has to be justified. ISPs that assign to smaller entities
can request a /32 per default (or larger with justification).

End-sites can request a /48 or more with proper justification (in this
case also depending on RIR with respect to number of upstreams etc)

This rule is more or less the same for all the RIRs, even though the
actual policies have different language.

The point is: can you justify it to the RIR to fulfill their policies?

> We have recently put together an IPv6 strategy, and there are two
> options we are investigating - either a single /32 PI allocation
> globally, or a /32 PI per region (aligned with the RIRs).

Please don't call it a "/32 PI", it is just an allocation from a RIR.

The difference between PA/PI does not really exist anymore, though the
language still sticks. With PI a direct full endsite is meant, while
with PA a LIR is meant that assigns to end-sites. In both cases, they
should announce these prefixes in whole, and not in part.

> The point is
> to have an internally contiguous IP addressing scheme (or as close as
> possible, but then use the same address space publicly as well (NAT is
> evil). The preference is for the single global allocation, but I don't
> see  regional /32 allocations as a significant overhead.
> 
> Either way, the plan is to take /32 PI space and split it into a /48 per
> site. Some of those sites are aggregated with a single point of Internet
> connectivity, but even so, just in Asia Pacific, we are talking about 5
> different countries in which we'd be advertising our various /48
> allocations - and there is a different carrier per Internet connection.

That won't fly, as you'll have to announce the aggregate, and thus
back-haul the traffic in such a situation.

One good solution might be to have your transits announce the space as a
continues block (the aggregate /32), but let them carry internally the
/48s for each location so that it ends up at the right location.

> If I am reading what you are saying correctly, we can't use either a
> single global /32 of PI space or even a /32 of PI space per region and
> split it up into multiple sites.

You can't "split" the allocated-from-RIR space on the BGP level.

Yes, some ISPs/transits will accept it, especially if you give them
money, but not all networks will accept it.

> Globally we're looking at several
> hundred sites (which incidently is probably more routes than SAGE-AU
> members are likely to produce in the near future) - are you are
> suggesting that carriers will drop/filter our advertisements and cause
> us issues with IPv6 Internet connectivity?

If you de-aggregate the allocation from the RIR, then yes, it will be
filtered.

It is not about the number of routes, it is the type of address space.
Some is meant to be announced at a length of /16 - /32 and other at /40
- /48. To avoid de-aggregation, as they should not be de-aggregated,
networks filter.

In the end that will indeed mean that there will be organizations like
the one you propose who will either:
 - get their transits to announce the aggregate
   and let them perform the delivery of the more specifics

 - get at least a prefix per RIR so that regional traffic
   is delivered in the semi-correct location (see: Google, NTT etc)

 - get a whole bunch of prefixes, eg, 48 PI prefixes
   (APNIC is known to give out consecutive /48s out of their PI
    prefix for this purpose, but note that these are disjunct
    allocations from the RIR to the end-site, not a single /32 alloc
    see: 2001:df0:258::/48 - 25b for DYNDNS-[JP/SG/AU/HK]
         2001:df0:300::/48 - 314 for IDA-*
         and there are likely other examples
         don't mix up with the special "IX"/Infra prefixes though
    note that the SAGE-AU prefix is from a completely different range)

It really depends on your network design and what kind of part in the
Internet you want to play. If you have a global network, you likely care
less about backhauling your own traffic.

If you have a small link, say 10 mbit, in Japan, but a 100Gbit link in
the US, you will likely not want to accept all traffic from Japan
locally in Japan, that is actually destined to the US port... it really
depends, it can lead to very interesting situations.

Greets,
 Jeroen

More information about the AusNOG mailing list