[182462] in North American Network Operators' Group
Re: Dual stack IPv6 for IPv4 depletion
daemon@ATHENA.MIT.EDU (joel jaeggli)
Fri Jul 17 09:29:57 2015
X-Original-To: nanog@nanog.org
To: "John R. Levine" <johnl@iecc.com>, Valdis.Kletnieks@vt.edu
From: joel jaeggli <joelja@bogus.com>
Date: Thu, 16 Jul 2015 21:45:22 -0700
In-Reply-To: <alpine.OSX.2.11.1507151156400.41183@ary.lan>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--bq3K8w9xhC8bMqosxWdLtaug2RIRQvugF
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 7/15/15 9:10 AM, John R. Levine wrote:
>>> It would be nice if it were possible to implement BCP 38 in IPv6,
>>> since this
>>> is the reason it isn't in IPv4.
>>
>> There isn't any technical reason that an organization can't fix its ed=
ge
>> so it doesn't urinate bad IPv6 traffic all over the Internet.
>=20
> In IPv4 systems, the problem is (so I have been told by some largish
> ISPs) that a dual homed customer gets address ranges from ISPs A and B,=
> and sends traffic with A addresses to the B interface. The ISPs have n=
o
> practical way to tell legit dual homed traffic from malicious,
> particularly when there is a chain of resellers in between. If the ISP=
> tells the customer to send the traffic over the right interface, the
> usual response is "if you don't want our business, I'm sure we can find=
> another ISP that does."
Strict rpf has the super nice property that if you withdraw you prefix
from a peer, that peer blackholes traffic. there are all sorts of fun
cases like for example MLPE peering on exchange fabrics where you can't
just tag the prefix no export and send it to your neighbor, which means
it's all or nothing.
The exigent reality is that the less control customers have over their
own policy then the easier they are to filter. retail isp customers with
prefixes delegated by their provider, easy so when ISPS practice good
hygiene on their retail side, great.. some dude at an exchange point
direct adjacency or no, quite a bit harder.
> Like I said, it would be nice if ISPs could persuade their v6 customers=
> to get their own PI space early on, because if they don't they'll have
> exactly the same problem.
>=20
> R's,
> John
>=20
--bq3K8w9xhC8bMqosxWdLtaug2RIRQvugF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAlWoiGMACgkQ8AA1q7Z/VrIkBACfUGWtinjN5IBSq+DEFjK3K76H
Wn4AoIeJrhXA44s8PXMdii/oFUT6LfQz
=CZFl
-----END PGP SIGNATURE-----
--bq3K8w9xhC8bMqosxWdLtaug2RIRQvugF--
