[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-v6ops-v6inixp-04.txt WGLC

To: Fred Baker <fred@cisco.com>
Subject: Re: draft-ietf-v6ops-v6inixp-04.txt WGLC
From: Eduardo Ascenço Reis <eduardo@intron.com.br>
Date: Thu, 28 Jan 2010 00:55:55 -0200
Cc: v6ops@ops.ietf.org, kurtis@kurtis.pp.se, rbonica@juniper.net, Roque Gagliano <roque@lacnic.net>
In-reply-to: <1F22A806-8341-4FB0-8135-3518574C7661@cisco.com>
References: <1F22A806-8341-4FB0-8135-3518574C7661@cisco.com>

Hi Roque,

I would like to recall a previous discussion.

2009/11/9 Eduardo Ascenço Reis <eduardo@intron.com.br>:
> ...
> In this
>      configuration participants may route these prefixes inside their
>      networks (e. g. using BGP no-export communities or routing the IXP
>      LANs within the participants' IGP) to perform fault management.
> ...
> I recommend for AS to use next-hop-self on iBGP sessions, by doing
> that there will be no need to redistribute IXP prefix into their IGP.
>

2009/11/20 Roque Gagliano <roque@lacnic.net>:
>
> The routing of the IXPs LANs inside the participants has to do with the use
> of uRPF and being able to perform traceroutes. Using next-hop-self to your
> iBGP sessions does not solve this problem.
>

I did not get your points.

I agree that Unicast Reverse Path Forwarding (uRPF) may be a good
solution for IPv6 IXP participants in order to get some extra
protection against abuse conditions [1].

As uRPF is normally implemented on the network edge, the AS border
router connected to the IXP already knows its IPv6 netblock (directly
connected) and can check IPv6 source address against it. By the way,
the exchange traffic that the AS may be more interested to check with
uRPF wil have IPv6 source address from its peers prefixes.

So there is no relation between uRPF and IPv6 IXP netblock being
advertised on participant IGP.

Regarding traceroute tests, if IPv6 IXP netblock is not know by a
participant IGP, it will only affect tests done by a host inside this
network against IXP IPv6 address, which may be something good. The
traceroute originator host can normally receive icmp unreachable
packets from intermediate routers with a non-reachable IPv6 source
address.

I understand that the fundamental routing point about this discussion
is if the IPv6 prefixes learned by a participant AS have NEXT_HOP
attribute reachable for the AS BGP enable routers, which may be done
by routing the IPv6 IXP netblock inside the AS IGP or changing the
prefixes NEXT_HOP for an AS internal IPv6 address (e.g. loopback from
router connect to IXP).

I personally prefer the second option and recommend that to be
included in this document as an alternative approach.

Thanks,

-- 

Eduardo Ascenço Reis


[1] http://lacnic.net/documentos/lacnicxii/presentaciones/napla/06_Eduardo_Ascenco_Reis.pdf

Follow-Ups:
- Re: draft-ietf-v6ops-v6inixp-04.txt WGLC
  - From: Roque Gagliano <roque@lacnic.net>

References:
- draft-ietf-v6ops-v6inixp-04.txt WGLC
  - From: Fred Baker <fred@cisco.com>

Prev by Date: Re: Comcast IPv6 Trials
Next by Date: Re: draft-ietf-v6ops-v6inixp-04.txt WGLC
Previous by thread: Re: draft-ietf-v6ops-v6inixp-04.txt WGLC
Next by thread: Re: draft-ietf-v6ops-v6inixp-04.txt WGLC
Index(es):
- Date
- Thread