Dear Akamai, you got a /32 there not a bunch of /48s - how to break Facebook and annoy lots of users
Tore Anderson
tore.anderson at redpill-linpro.com
Tue Aug 21 11:46:29 CEST 2012
* Gert Doering
> On Tue, Aug 21, 2012 at 08:50:01AM +0200, Tore Anderson wrote:
>> filtering. Under current RIPE policies, any back-yard LIR can get an
>> IPv6 /29. That's 524288 /48s. Next consider the possibility that someone
>> will fat finger and leak every single one of those into the DFZ. It will
>> be very difficult to automatically distinguish between such a leak and
>> your current use of /48s.
>
> Oh, that's quite easy. Look at the route6: objects. Accidential leaks
> won't have any...
Sure, but do you *really* filter every single route you receive from
your upstreams based on route[6] objects? If so, hats off to you sir - I
only do it for my peers, and even that is enough of a maintenance burden.
Unless I happened to peer directly with the leaking network, my routers
will not be able to distinguish between the leaked routes and more
legitimate /48 PA breakouts like Akamai's.
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com
More information about the ipv6-ops
mailing list