Re: IPv6 routing /48s

From: Pekka Savola (no email)
Date: Wed Nov 19 2008 - 02:28:06 EST

  • Next message: (no email): "RE: NAT66 and the subscriber prefix length"

    On Tue, 18 Nov 2008, Jeroen Massar wrote:
    > Check: http://www.space.net/~gert/RIPE/ipv6-filters.html for a list of
    > suggested filter expressions that cover all of these correctly.

    Unfortunately, the JunOS version of the strict filter is blocking
    /32's from APNIC region as well. The offending lines are:

                 route-filter 2001::/16 prefix-length-range /19-/32;
    ...
                  route-filter 2001:0c00::/23 prefix-length-range /48-/48;

    This is because Juniper uses longest prefix matching in route filters
    (maybe this is different in cisco, I don't know):

    https://www.juniper.net/techpubs/software/junos/junos92/swconfig-policy/how-a-route-list-is-evaluated.html

    As a result, this will end up rejecting legitimate prefixes such as
    2001:c00::/32 because then only /48's are accepted from that range.

    Unfortunately, I don't know which blocks APNIC has set aside from
    2001:0c00::/23 for /48 assignments; based on their web pages, they
    have policies for at least multihoming, IXs and critical
    infrastructure. But I couldn't find info which block these are from.

    -- 
    Pekka Savola                 "You each name yourselves king, yet the
    Netcore Oy                    kingdom bleeds."
    Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
    

  • Next message: (no email): "RE: NAT66 and the subscriber prefix length"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD