[105823] in North American Network Operators' Group
Re: IPv6 Prefix Policy
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Thu Jul 3 11:12:48 2008
Date: Thu, 3 Jul 2008 11:12:37 -0400
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <486CE869.7010104@spaghetti.zurich.ibm.com>
Errors-To: nanog-bounces@nanog.org
--lrZ03NoBR/3+SXJZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Thu, Jul 03, 2008 at 04:55:37PM +0200, Jeroen Massa=
r wrote:
> In general though, ASNs are following:
> http://www.space.net/~gert/RIPE/ipv6-filters.html
>=20
> I don't know how common the strict/non-strict case is though, but=20
> looking at GRH (http://www.sixxs.net/tools/grh/) it seems that most=20
> ASN's are properly filtering, thus using the strict model.
The strict filter is still broken in at least one way.
ipv6 prefix-list ipv6-ebgp-strict permit 2001:500::/30 ge 48 le 48
http://www.arin.net/reference/micro_allocations.html
Note that there are /45's, /46's, /47's and /48's right now. The
filter allows only /48's. Of note, this will break access to the
F-Root name server, we announce it from both a /47 and a /48 (local
peers only) in IPv6.
I believe there are other issues with the strict filter, but don't have
the time to track them down right now.
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
--lrZ03NoBR/3+SXJZ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFIbOxjNh6mMG5yMTYRAhrlAJ9z36gpvUVSCPRhC2okYjL2auiq/wCaAs1r
aoQDotMZc6bSlONRzu0qgU4=
=nYdy
-----END PGP SIGNATURE-----
--lrZ03NoBR/3+SXJZ--
