From: Pekka Savola (no email)
Date: Wed Nov 19 2008 - 02:28:06 EST
On Tue, 18 Nov 2008, Jeroen Massar wrote:
> Check: http://www.space.net/~gert/RIPE/ipv6-filters.html for a list of
> suggested filter expressions that cover all of these correctly.
Unfortunately, the JunOS version of the strict filter is blocking
/32's from APNIC region as well. The offending lines are:
route-filter 2001::/16 prefix-length-range /19-/32;
route-filter 2001:0c00::/23 prefix-length-range /48-/48;
This is because Juniper uses longest prefix matching in route filters
(maybe this is different in cisco, I don't know):
As a result, this will end up rejecting legitimate prefixes such as
2001:c00::/32 because then only /48's are accepted from that range.
Unfortunately, I don't know which blocks APNIC has set aside from
2001:0c00::/23 for /48 assignments; based on their web pages, they
have policies for at least multihoming, IXs and critical
infrastructure. But I couldn't find info which block these are from.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings