[157890] in North American Network Operators' Group
What is BCP re De-Aggregation: strict filtering /48s out of /32 RIR
daemon@ATHENA.MIT.EDU (Ben S. Butler)
Wed Nov 14 08:11:40 2012
From: "Ben S. Butler" <Ben.Butler@c2internet.net>
To: 'NANOG' <nanog@nanog.org>
Date: Wed, 14 Nov 2012 13:10:57 +0000
In-Reply-To: <416A23FC91E34449999D047BF540B46901689658E2EE@EXCHANGE.atlasbiz.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
I am hoping for a bit of advice. We are rolling out IPv6 en mass now to pe=
ers and I am finding that our "strict" IPv6 ingress prefix filter is meanin=
g a lot of peers are sending me zero prefixes. Upon investigation I determ=
ine they have de-agregrated their /32 for routing reasons / non interconnec=
ted islands of address space and in consequence advertise no covering /32 r=
oute. The RIR block that the allocation is from is meant to have a minimum=
assignment of /32.
From:
http://www.space.net/~gert/RIPE/ipv6-filters.html
We get:
ipv6 prefix-list ipv6-ebgp-strict deny 3ffe::/16 le 128
ipv6 prefix-list ipv6-ebgp-strict permit 2001:500::/30 ge 48 le 48
ipv6 prefix-list ipv6-ebgp-strict deny 2001:db8::/32 le 128
ipv6 prefix-list ipv6-ebgp-strict permit 2001::/32
ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 35 le 35
ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2001:0678::/29 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2001:0c00::/23 ge 48 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2001:13c7:6000::/36 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2001:13c7:7000::/36 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2001:43f8::/29 ge 40 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2002::/16
ipv6 prefix-list ipv6-ebgp-strict permit 2003::/16 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2400::/12 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2600::/12 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2610::/23 ge 24 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2620::/23 ge 40 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2800::/12 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2a00::/12 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2801:0000::/24 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2c00::/12 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict deny 0::/0 le 128
I have peers in 2a00::/12 that are advertising me /48s without the /32 assi=
gned to them.
While this has been a problem in IPv4 land in the past with some people de-=
aggregating a /19 to regional /24s with no covering route because of no bac=
kbone. What should we be doing in IPv6 land as I suspect this may become a=
bigger problem than it ever was in IPv4.
I can adopt the view, well you should, so I'm going to filter, and they can=
say well that's not practical, we have a /32 and we advertise a /48 at eac=
h individual internet exchange. RIRs policy wont allocate us a lot of sepa=
rate /48s from an appropriate block. Aggregation argues you shouldn't de-a=
ggregate.
We might as well start off as we mean to go along and try not to pollute th=
e v6 route table with all the rubbish that is in the v4 one.
So what is the "best" answer.
1> Don't advertise islands of space under assignment minimum, without p=
roviding a covering aggregate route?
2> Don't use strict filters, they don't work well and de-agragegation w=
ith IPv6 is going to be a problem?
3> Don't use filters, generate it from an IRR?
Given there is no "right" answer what is considered to be the best fit one?
Kind Regards
Ben
