[109378] in North American Network Operators' Group
Re: IPv6 routing /48s
daemon@ATHENA.MIT.EDU (Pekka Savola)
Wed Nov 19 02:28:30 2008
Date: Wed, 19 Nov 2008 09:28:06 +0200 (EET)
From: Pekka Savola <pekkas@netcore.fi>
To: Jeroen Massar <jeroen@unfix.org>
In-Reply-To: <492303BD.7010500@spaghetti.zurich.ibm.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Tue, 18 Nov 2008, Jeroen Massar wrote:
> Check: http://www.space.net/~gert/RIPE/ipv6-filters.html for a list of
> suggested filter expressions that cover all of these correctly.
Unfortunately, the JunOS version of the strict filter is blocking
/32's from APNIC region as well. The offending lines are:
route-filter 2001::/16 prefix-length-range /19-/32;
...
route-filter 2001:0c00::/23 prefix-length-range /48-/48;
This is because Juniper uses longest prefix matching in route filters
(maybe this is different in cisco, I don't know):
https://www.juniper.net/techpubs/software/junos/junos92/swconfig-policy/how-a-route-list-is-evaluated.html
As a result, this will end up rejecting legitimate prefixes such as
2001:c00::/32 because then only /48's are accepted from that range.
Unfortunately, I don't know which blocks APNIC has set aside from
2001:0c00::/23 for /48 assignments; based on their web pages, they
have policies for at least multihoming, IXs and critical
infrastructure. But I couldn't find info which block these are from.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
