Joe Abley jabley at ca.afilias.info
Mon Feb 11 15:53:58 CET 2008

On 11-Feb-2008, at 09:36, Pekka Savola wrote:

> Btw, it may be worth noting that F-root is advertising a covering / 
> 47 (only 80% penetration) in addition to /48. The /47 isn't legit  
> per Gert's strict filters.

Some (most) of ISC's nodes announce the F-root prefixes  
and 2001:500:2f::/48 with the well-known community string attribute  
NO_EXPORT set, to avoid global loads of traffic swamping anycast nodes  
in remote locations.

If an ISP learns one of these routes with NO_EXPORT across a peering  
session and another instance across a transit provider session, the  
transit-learned route will commonly be suppressed within the local AS  
in favour of the peering-learnt route using policy mechanisms such as  
local preference.

This can result in there being no route propagated to external (e.g.  
customer) ASes, since NO_EXPORT prevents the selected route from  
propagating. This effect was observed some time ago by Randy Bush on  
the NANOG list for K-root (see <http://www.merit.edu/mail.archives/nanog/2005-10/msg01226.html 

To fill in the gaps caused by this effect, ISC advertises an IPv4 /23  
( and an IPv6 /47 (2001:500:2e::/47) from its global  
nodes with no NO_EXPORT community string attribute. The intention is  
that parts of the Internet which do not receive the IPv4 /24 or the  
IPv6 /48 for F might see the covering routes, and retain connectivity.

It would no doubt make ISC happy if people would accept the /47.  
Conversely, those who currently apply Gert's strict filters but who  
would like to make sure they can reach F over v6 might enhance their  
happiness by accepting the /47 :-)


More information about the ipv6-ops mailing list