AW: Please check your filters - reloaded

Horneffer, Martin Martin.Horneffer at t-com.net
Fri Nov 4 12:49:03 CET 2005 

Hi,

the analysis of 2003::/19 is correct.

We are currently in the preparatory phase of renumbering our
(experimental) IPv6 infrastructure from 2001:7a0::/32 to 2003::/19.
As an effect 2003::/19 is already being announced on our peerings
(e.g. C&W), but no host exists yet within this prefix.

If there is public interest in having a pingable address from
2003::/19 we might try to set one up in advance.


I'd like to stress Bernhard's appeal: If not yet done, please check
your filters! 2001::/16 ist not the only range of production IPv6
unicast addresses any more.


Thanks Bernhard for the analysis and pointing out the potential
filtering issue!


Best regards, Martin Horneffer

Dr. Martin Horneffer
Deutsche Telekom AG
T-Com Technology Engineering
Internet Backbone Architecture


On Mon, Oct 31, 2005 at 05:05:54AM +0100, Bernhard Schmidt wrote:
> Hi everyone again,
> 
> since I've apparently caused some sort of confusion I'd like to clarify
> some things about my last mail.
> 
> There are two seperate issues with global prefix visibility at the
> moment:
[..] 
> 2.) 2003::/19  DE-DTAG
>     If my interpretation of the table is correct this prefix isn't
>     supposed to be visible worldwide at the moment, since the only
>     connection up and running is a _peering_ to C&W. Thus C&W only
>     exports this prefix to their downstreams. The ugly traceroutes
>     posted by Daniel and James are the results of some leaks by networks
>     not having a proper concept of upstream/downstream/peering, leaking
>     learned prefixes all over the place. 
> 
>     Second, I do not know any host inside 2003::/19 that should answer
>     to echo requests. Their router does send unreachables, but if we
>     assume that only the peering to 1273 is up and running 3320 won't
>     have a route back to networks not being C&W customers, thus you
>     won't see any unreachables.
> 
>     So why did I include this prefix at all? Because there are similar
>     issues as with Softbank. Check out
> 
>     http://www.sixxs.net/tools/grh/compare/?a=2003::/19&b=2001:7a0::/32
> 
>     which looks kind of broken at the moment. Now select another date at
>     the top (e.g. Oct 10th) and suddenly you see that most large
>     networks got the prefix, but still 22% of the GRH feeders don't. So
>     this seems to be a filtering issue again.
> 
>     AGAIN: There is no host in 2003::/19 supposed to answer to echo
>     requests, and _currently_ most of you should not be able to see that
>     prefix at all. If it's broken for you, have a look at your filters 
>     and if they look okay, wait.
> 
> Short story:
>  * Please keep your filters up to date. Remember that there have beeen
>    allocations outside of 2001::/16 (and 6bone) for quite a while now,
>    and there are more to come.
>  * If you cannot keep up with current developments in the IPv6 world or
>    if you're leaving your company and your successor has no clue about
>    IPv6-routing, please consider using a liberal filtering aproach, e.g. 
>    allowing everything in 2000::/3 up to /32 (plus todays well-known
>    micro-allocations/IXes) or even 2000::/3 up to /48. I hate proposing
>    that, but it's better than outdated filters.
>  * If you run your own ASN with IPv6 consider giving GRH
>    (http://grh.sixxs.net) a feed to help debugging similar issues.
> 
> Regards,
> Bernhard
[..]

More information about the ipv6-ops mailing list