Dear Akamai, you got a /32 there not a bunch of /48s - how to break Facebook and annoy lots of users

Nick Hilliard nick at foobar.org
Mon Aug 20 23:06:11 CEST 2012


On 20/08/2012 21:40, Jeroen Massar wrote:
> On 2012-08-20 22:32, Nick Hilliard wrote:
>> On 20/08/2012 21:20, Jeroen Massar wrote:
>>>  1) announce the covering prefix
>>
>> This doesn't scale.
> 
> That extra route should not be a problem when there are 800
> more-specifics below it.

Let me clarify this statement then.  Akamai claims to deliver ~20% of the
world's internet traffic.  While it's possible that announcing their three
/32s would work right now because there's so little IPv6 traffic, in future
times if 1% of the world's internet traffic were to default to using the
three /32 announcements, then that would end up being a very large amount
of traffic indeed, e.g. an order of magnitude or two larger than the median
size of an Akamai node.

This argument isn't going to apply equally to every organisation.  Most
organisations don't have a very large distributed network structure like
Akamai, but in Akamai's case it would seem to me to be a very bad idea to
announce their entire /32 allocations.

The 1% figure comes from here:

> https://labs.ripe.net/Members/emileaben/ripe-atlas-a-case-study-of-ipv6-48-filtering

[Incidentally, a couple of months ago when this same discussion came up
regarding Cloudflare, I took a different approach about announcing only
/48s and no supernet.  As Cloudflare are significantly smaller than Akamai,
it makes a lot more sense for them to announce a supernet.  Also, Emile's
report changed my mind on the importance of announcing /48s without a
covering /32.]

> But, yes, indeed, it should be effectively required that people who do
> BGP use something like irrtoolset and run it regularly.

I wouldn't force irrtoolset on my worst enemy, but I agree that filters
need to be updated regularly.

> As you are noticing, people do not update their filters, neither in
> IPv4 nor in IPv6...

They do, but very slowly.  If Akamai or other large CDNs break, they sit up
and take notice.

Nick
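
The trade-off argued in this message, as an added example that is not part of the original post: networks that filter /48s either lose reachability (no covering /32) or send everything to whichever site originates the /32. The prefix, origin labels, equal per-node traffic and the 1-in-100 share of filtering networks are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed inputs: documentation prefix, 800 equal-sized nodes (the
# "800 more-specifics" of the thread), hypothetical origin labels.
COVERING = ipaddress.ip_network("2001:db8::/32")
NODES = 800

def announcements(with_covering):
    """Route table {prefix: origin}: one /48 per node, optionally the /32."""
    rib = {p: f"node-{i}"
           for i, p in zip(range(NODES), COVERING.subnets(new_prefix=48))}
    if with_covering:
        rib[COVERING] = "covering-site"
    return rib

def apply_filter(rib, max_len):
    """What a network keeps if it drops prefixes longer than max_len."""
    return {p: o for p, o in rib.items() if p.prefixlen <= max_len}

def lookup(rib, dst):
    """Longest-prefix match; None means no route (traffic is dropped)."""
    host = ipaddress.IPv6Network(dst)  # the destination as a /128
    for plen in sorted({p.prefixlen for p in rib}, reverse=True):
        origin = rib.get(host.supernet(new_prefix=plen))
        if origin is not None:
            return origin
    return None

def load(with_covering, filtering=1, total=100):
    """Traffic units per origin. Assumption: `filtering` of `total` source
    networks filter at /32, and every source sends one unit to every node."""
    full = announcements(with_covering)
    targets = [p.network_address + 1 for p in full if p.prefixlen == 48]
    counts = Counter()
    for rib, weight in ((apply_filter(full, 32), filtering),
                        (full, total - filtering)):
        for dst in targets:
            counts[lookup(rib, dst)] += weight
    return counts

if __name__ == "__main__":
    for flag in (True, False):
        c = load(flag)
        print(flag, c["covering-site"], c[None], c["node-0"])
```

Under these assumptions the covering site carries 800 units against 99 for any single node; without the /32 the same 800 units have no route at all.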



