Dear Akamai, you got a /32 there not a bunch of /48s - how to break Facebook and annoy lots of users

Nick Hilliard nick at foobar.org
Mon Aug 20 19:45:50 CEST 2012


On 20/08/2012 17:42, Jeroen Massar wrote:
> Most of those are out of PA space that is announced inside the ISP that
> that prefix is living in and thus which do not need to be seen in the
> rest of the DFZ as they come out of a PA block.

2.16.0.0/13:	53 announcements
23.0.0.0/12:	110 announcements
23.32.0.0/11:	170 announcements
23.64.0.0/14:	54 announcements

etc, etc, etc.  I got bored at this stage and stopped totting up their
larger allocations (there are lots more), but that's already nearly half
the space they announce.  It's PA space, but all allocated to Akamai and
announced as smaller prefixes.  I.e. it's not PA space in the traditional
sense of all being announced as a single aggregate from a single ASN.  So
why should Akamai's v6 allocation / assignment policies be different?

> See above about paying folks to get passed those filters.

I thought about this for a while and figure that there are two likely
scenarios for this sort of thing:

Scenario #1:

$ISP: oh hai, we are filtering out ur /48s, pls to be givin us moniez

Akamai: sure thing.  Here's $money.  How much did you want?

$restofworld: oh hai, Akamai, uhhhhhh we've just started filtering out ur
/48s, so pls to be givin us moniez too

Akamai: doh!  Okey-dokey, here's money for you too.


Scenario #2:

$ISP: oh hai, we are filtering out ur /48s, pls to be givin us moniez

Akamai: lol no.  if you don't want akamai v6 traffic, feel free to have
your helpdesk tell your customers that their interwebs is broken because of
your prefix aggregation demands.

$ISP: how dare you!  you're breaking our network!  we demand that you stop!

> And they could of course just use address space which is not meant for
> de-aggregation...

You mean, get 800 separate separate PI assignments from the RIRs?  What
problem is that going to solve other than annoying the LIRs?  Would you be
happier if Akamai announced 800 /32s instead?

> I guess what the real thing is that the time is RIPE for a RIPE address
> plan which is akin to ARIN's Micro Allocations.

The current RIPE recommendations are to filter on /48 for v6.  No clue
about Arinland or Apnicistan.

Nick




More information about the ipv6-ops mailing list