jabley at ca.afilias.info
Mon Feb 11 15:53:58 CET 2008
On 11-Feb-2008, at 09:36, Pekka Savola wrote:
> Btw, it may be worth noting that F-root is advertising a covering /
> 47 (only 80% penetration) in addition to /48. The /47 isn't legit
> per Gert's strict filters.
Some (most) of ISC's nodes announce the F-root prefixes 184.108.40.206/24
and 2001:500:2f::/48 with the well-known community string attribute
NO_EXPORT set, to avoid global loads of traffic swamping anycast nodes
in remote locations.
If an ISP learns one of these routes with NO_EXPORT across a peering
session and another instance across a transit provider session, the
transit-learned route will commonly be suppressed within the local AS
in favour of the peering-learnt route using policy mechanisms such as
This can result in there being no route propagated to external (e.g.
customer) ASes, since NO_EXPORT prevents the selected route from
propagating. This effect was observed some time ago by Randy Bush on
the NANOG list for K-root (see <http://www.merit.edu/mail.archives/nanog/2005-10/msg01226.html
To fill in the gaps caused by this effect, ISC advertises an IPv4 /23
(220.127.116.11/23) and an IPv6 /47 (2001:500:2e::/47) from its global
nodes with no NO_EXPORT community string attribute. The intention is
that parts of the Internet which do not receive the IPv4 /24 or the
IPv6 /48 for F might see the covering routes, and retain connectivity.
It would no doubt make ISC happy if people would accept the /47.
Conversely, those who currently apply Gert's strict filters but who
would like to make sure they can reach F over v6 might enhance their
happiness by accepting the /47 :-)
More information about the ipv6-ops