Dear Akamai, you got a /32 there not a bunch of /48s - how to break Facebook and annoy lots of users

Jeroen Massar jeroen at unfix.org
Mon Aug 20 22:20:02 CEST 2012


On 2012-08-20 19:44, Gert Doering wrote:> Hi,
>
> On Mon, Aug 20, 2012 at 06:42:34PM +0200, Jeroen Massar wrote:
>> I guess what the real thing is that the time is RIPE for a RIPE address
>> plan which is akin to ARIN's Micro Allocations.
>
> It's called "IPv6 PI" and we have that.

The blocks being used are from the PA pool, which is why it hurt in most
network's filters.

> (It doesn't matter for the amount of prefixes in the DFZ - but it does

Fully agree.

> make a difference if people filter out /48s from /32-range without
> checking with their IRRDB whether they might want to make an exception
> here - OTOH, if the /48s don't even *have* route6 objects, now that
> would be a good reason to bash Akamai)

As noted in the mail, there was no route6 for that prefix.

And from that perspective to make filtering networks happy would work if
three conditions for more specifics are met:
 1) announce the covering prefix
 2) have a route6 for that
 3) have a route6 for the more specific.

Note that Akamai generally does this, but for these the route6
definitely where missing. And likely something else is very flaky on
that path, though can't tell is it is forward or reverse.

With the above, in case there is route explosion (or your gear is too
old to grok things), one could always ignore the more-specific route6's
and filter those out thus making lots of folks around the world much
happier.

Greets,
 Jeroen



More information about the ipv6-ops mailing list