CloudFlare IPv6 BGP announcements - WTF guys?
Oliver
olipro at 8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa
Mon Jul 16 21:49:27 CEST 2012
On Monday 16 July 2012 21:15:17 Daniel Roesen wrote:
> On Mon, Jul 16, 2012 at 03:45:43PM +0200, Oliver wrote:
> > The whole thing is daft; even if you've got multiple upstreams, there's
> > still *nothing* preventing you from exposing only your /32 to the rest of
> > the internet and tagging more specifics with NO_EXPORT to each of your
> > upstreams.
>
> Not having a backbone pretty effectively does.
...Which would fall under the second paragraph of my previous e-mail regarding
the need for a particular subnet's traffic to go via a particular upstream.
>
> > If your modus operandi is to pollute the routing tables, you deserve all
> > the unreachability you get.
>
> Wether you see /32 PA more-specifics from all the CDN nodes, or PI /48s
> doesn't make a difference at all, technically.
I'd have hoped this was self-evident and serves to highlight the fact that the
protection against such abuse is down to RIR policies governing eligibility
for PI space.
Regards,
Oliver
More information about the ipv6-ops
mailing list