[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: v6 multihoming and route filters

To: Christian Huitema <huitema@windows.microsoft.com>
Subject: Re: v6 multihoming and route filters
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Wed, 5 Jul 2006 10:28:01 +0200
Cc: "Marc Blanchet" <marc.blanchet@viagenie.ca>, <v6ops@ops.ietf.org>
In-reply-to: <70C6EFCDFC8AAD418EF7063CD132D0640125ACE4@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>
References: <10ECB7F03C568F48B9213EF9E7F790D202100D5D@wava00s2ke2k01.corp.pvt> <Pine.LNX.4.64.0606290742230.14705@netcore.fi> <DEF7AE41-FFB7-4F5B-BC2C-538796E8B106@viagenie.ca> <44A965FC.4090700@hotnic.net> <CCCDC52A-3BDB-4806-B000-339F5372CFB0@viagenie.ca> <578F09DE-BA19-4A58-9D14-127B66810F35@muada.com> <70C6EFCDFC8AAD418EF7063CD132D0640125ACE4@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>

On 5-jul-2006, at 3:12, Christian Huitema wrote:

What would be the purpose of filtering at /48?

That allows for 2^45 = 351 trillion prefixes in the routing table,
which I suspect won't work too well on current routers. And it only
takes a handful of /32s deaggregated into /48s to inflate the IPv6
global routing table to a size larger than the current IPv4 routing
table.

But then, filtering at /32 allows for 2^30 = 1 billion prefixes,which I
suspect also won't work too well on current routers.

Yes, that's true. But a billion is still a lot closer to somethingreasonable than another nearly six orders of magnitude. And thecrucial difference is that there is little chance of the the full ::/3 space being deaggregated into individual /32s, while leaking ofsignificant numbers of "private" /48s into the global routing tableis something I fully expect to happen based on experiences with IPv4.

Setting narrow filtering constraints is also counter-productive, as it

encourage a rush on the short prefixes. An organization that couldhave

done just fine with a /48 or maybe a /40 will request a /32 just in
case, so that organization can eventually multi-home.

This assumes that people will get anything they request. Currently,you can't really get a /40: ISPs get /32 or shorter, end-users rarelyget something shorter than /48.

In the end, the size of the routing table will equal the number of
entities that want multi-homing hard enough. Playing around withprefix
sizes will not change that, and will probably generate undesirable
counter effects.

Besides, there are networks in which advertizing /48 or even /64 inBGPmakes perfect sense. Take for example the "metropolitanaggregation" in
which all users in an area get numbered from the same long prefix. The
local ISP will have to exchange the short prefixes with each other.The
will use BGP. Do we want to have a rule cast in stone that prevents
them?

We should really think twice before asking the IETF to publish a
position on this subject. Silence may well be the right approach.

On the other hand, no filtering at all is asking for trouble, so itwould make sense for us to come up with a good filtering strategy.One would be to make a filter based on actual allocations, which isstill possible in IPv6 today because of the small size of the globaltable.

Another approach is to filter on prefix size depending on the size ofthe prefixes RIRs give out in a certain part of the address space.(Possibly allowing one or two extra bits for traffic engineeringpurposes.) I think this is the best way to do it currently, but theproblem is that the RIRs are still coming up with new stuff here soif we write this up it's likely that the list of parts of the addressspace where /48s are given out will change soon after, so theresulting document won't be all that useful in practice. (I'm alsoVERY much annoyed by the fact that the RIRs say you can filter on /32(see quote yesterday) but give out /48s at the same time, I'vebrought this up YEARS ago and no action so far. The fact that eachRIR reinvents the wheel with little global coordination but we'redealing with a GLOBAL routing table and not several regional onesdoesn't help.)

Third approach: use prefixes shorter than /48 for anything thatshould be in the routing table and then filter at /47. This avoidsproblems with accidental leaking of /48s from internal routing, butthe ship has sailed on /48 for "micro allocations" so this approachwould have to be combined with the previous one.

Finally, it would be possible to tag prefixes longer than /32 thatare injected into global routing intentionally, especially in thecase of shorter prefixes that are drawn from a larger address blockfor multihoming purposes, with a BGP community that indicates whythis is done so that people can filter appropriately. For instance,as a network operator I may want to allow such prefixes from "closeby" but not from other continents, so that there is a more or lessdynamic tradeoff between routing table size and optimum traffic flowthrough the network, which is really what we want. (With PI you'reforced to carry the route or the destination is unreachable, not avery nice choice.)

References:
- v6 multihoming and route filters
  - From: "Azinger, Marla" <marla_azinger@eli.net>
- Re: v6 multihoming and route filters
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: v6 multihoming and route filters
  - From: Marc Blanchet <marc.blanchet@viagenie.ca>
- Re: v6 multihoming and route filters
  - From: Kevin Loch <kloch@hotnic.net>
- Re: v6 multihoming and route filters
  - From: Marc Blanchet <marc.blanchet@viagenie.ca>
- Re: v6 multihoming and route filters
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: v6 multihoming and route filters
  - From: "Christian Huitema" <huitema@windows.microsoft.com>

Prev by Date: Re: v6 multihoming and route filters
Next by Date: RE: v6 multihoming and route filters
Previous by thread: Re: v6 multihoming and route filters
Next by thread: Re: v6 multihoming and route filters
Index(es):
- Date
- Thread