Filters

Daniel Roesen dr at cluenet.de
Tue May 24 11:24:10 CEST 2005


On Tue, May 24, 2005 at 08:36:02AM +0000, Gerrit Wenig wrote:
> Also there is one organization which is using the /35 acceptance
> to split their /32 to be used for diffrent locations.
> 
> 2001:490::/32 origin by 14277
> 2001:490::/35 origin by 1248
> 2001:490:C000::/35 origin by 18666
> 
> What are the opinions for such a split ?

That's what we get from withholding PI. Enterprises pretending to be
ISPs (not in Nokia's case as far as I know, as they "slipped thru"
before the restrictions came in place in ARIN land... they were quick
enought) and splitting the allocation as they can't pretend to have
enough "ISP operations" inside their enterprise.

We do see this from other shops as well, also enterprises. *looking
at a certain network gear vendor here* :-)

This will be more and more common. Even smaller companies who can afford
paying LIR fees do get allocations. Other examples include Microsoft and
Akamai.

To come back to the operational side of the question "What are the
opinions for such a split ?"... difficult to say. I can fully understand
those folks in their desires. Still, it's against the current rules...
if only against the intentions behind them.

The operational question in that is "how good connectivity do you want
to those folks".

If you filter more-specifics, YOU (and _only_ you) will follow the
aggregate... for the hope that you'll reach the other ASses who announce
the specifics via the aggregate advertiser. One can easily argue that it's
the aggregate advertiser's job to make sure that this works.

But as I stressed, this is a _local_ decision. The next AS on your path
to the aggregate might NOT filter and follow the more-specific
announcement. So your routing gets far more nondeterministic than it
could be - and far harder to debug when problems occur.

Now looking at the other side of the coin. With many people filtering
more-specifics, the AS_PATHs for them become long at times. Especially
when the advertisers are deep burried in 6BONE "structures". People
connected to (or indirectly have upstream from) the large EU-US IPv6
transits who do allow more-specific multihoming (C&W, Tiscali) usually
still have very good AS_PATHs, "if it's seen, it has a good AS_PATH".

For an example look at DENIC's /48 PA more-specific here:
http://www.sixxs.net/tools/grh/lg/?prefix=2001:608::/32

So wether PA more-specific multi-homing "works" highly depends on who
the upstreams are. But factually it's no real multi-homing as DENIC
_will_ lose connectivity to _many_ places when the aggregate /32 goes
down.

It's hard to discuss this without directly diving into policy land...

My operational recommendation is to NOT filter those kind of
announcements until the PI policy problem is solved for good. YMMV.


Best regards,
Daniel

-- 
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0



More information about the ipv6-ops mailing list