Re: draft-ietf-v6ops-v6inixp-04.txt WGLC
Hi Eduardo,
Please see the comments inline.
On Jan 28, 2010, at 3:55 AM, Eduardo Ascenço Reis wrote:
> Hi Roque,
>
> I would like to recall a previous discussion.
>
> 2009/11/9 Eduardo Ascenço Reis <eduardo@intron.com.br>:
>> ...
>> In this
>> configuration participants may route these prefixes inside their
>> networks (e. g. using BGP no-export communities or routing the IXP
>> LANs within the participants' IGP) to perform fault management.
>> ...
>> I recommend for AS to use next-hop-self on iBGP sessions, by doing
>> that there will be no need to redistribute IXP prefix into their IGP.
>>
>
> 2009/11/20 Roque Gagliano <roque@lacnic.net>:
>>
>> The routing of the IXPs LANs inside the participants has to do with the use
>> of uRPF and being able to perform traceroutes. Using next-hop-self to your
>> iBGP sessions does not solve this problem.
>>
>
> I did not get your points.
>
> I agree that Unicast Reverse Path Forwarding (uRPF) may be a good
> solution for IPv6 IXP participants in order to get some extra
> protection against abuse conditions [1].
>
> As uRPF is normally implemented on the network edge, the AS border
> router connected to the IXP already knows its IPv6 netblock (directly
> connected) and can check IPv6 source address against it. By the way,
> the exchange traffic that the AS may be more interested to check with
> uRPF will have IPv6 source address from its peers prefixes.
>
> So there is no relation between uRPF and IPv6 IXP netblock being
> advertised on participant IGP.
>

(Roque) Eduardo, the problem is with downstream ISP customers.

IXP ---- ISP1 --- ISP2

ISP2 implements uRPF; in order to help him with troubleshooting without breaking uRPF, ISP1 announces the IXP LAN.

> Regarding traceroute tests, if IPv6 IXP netblock is not known by a
> participant IGP, it will only affect tests done by a host inside this
> network against IXP IPv6 address, which may be something good. The
> traceroute originator host can normally receive icmp unreachable
> packets from intermediate routers with a non-reachable IPv6 source
> address.
(Roque) In the previous example, for each traceroute passing by the IXP LAN, the packet with source IP in the IXP LAN will be discarded thanks to uRPF.
>
> I understand that the fundamental routing point about this discussion
> is if the IPv6 prefixes learned by a participant AS have NEXT_HOP
> attribute reachable for the AS BGP-enabled routers, which may be done
> by routing the IPv6 IXP netblock inside the AS IGP or changing the
> prefixes NEXT_HOP for an AS internal IPv6 address (e.g. loopback from
> router connected to IXP).
I do not get your point here. Are we still talking about the IXP LAN prefix?
Regards,
Roque.
>
> I personally prefer the second option and recommend that to be
> included in this document as an alternative approach.
>
> Thanks,
>
> --
>
> Eduardo Ascenço Reis
>
>
> [1] http://lacnic.net/documentos/lacnicxii/presentaciones/napla/06_Eduardo_Ascenco_Reis.pdf
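
The IXP ---- ISP1 --- ISP2 case discussed in this message, modelled as an added example that is not part of the original thread: a minimal uRPF check on ISP2's upstream interface, applied to the ICMPv6 time-exceeded replies a traceroute through the IXP would receive. All prefixes, addresses and interface names are constructed (RFC 3849 documentation space), and ISP2 is assumed to carry no default route toward ISP1.

```python
import ipaddress

# Constructed documentation prefixes (RFC 3849); none come from the thread.
IXP_LAN = ipaddress.ip_network("2001:db8:ffff::/64")
PEER_PREFIX = ipaddress.ip_network("2001:db8:a000::/36")  # learned across the IXP
ISP1_PREFIX = ipaddress.ip_network("2001:db8:1000::/36")

def lookup(fib, addr):
    """Longest-prefix match; returns the egress interface or None."""
    matches = [(net, ifc) for net, ifc in fib.items() if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_accepts(fib, src, ingress_if, mode="strict"):
    """strict: best route back to src must leave via the ingress interface.
    loose: any route to src is enough."""
    egress = lookup(fib, ipaddress.ip_address(src))
    if egress is None:
        return False
    return mode == "loose" or egress == ingress_if

def isp2_fib(isp1_announces_ixp_lan):
    """ISP2's routes via ISP1 (assumption: no default route is installed)."""
    fib = {ISP1_PREFIX: "to-isp1", PEER_PREFIX: "to-isp1"}
    if isp1_announces_ixp_lan:
        fib[IXP_LAN] = "to-isp1"
    return fib

def traceroute_view(isp1_announces_ixp_lan, mode="strict"):
    """Which time-exceeded replies survive uRPF on ISP2's upstream interface."""
    hops = [
        ("ISP1 router", "2001:db8:1000::1"),
        ("peer interface on the IXP LAN", "2001:db8:ffff::20"),
        ("peer internal router", "2001:db8:a000::1"),
    ]
    fib = isp2_fib(isp1_announces_ixp_lan)
    return [(name, urpf_accepts(fib, src, "to-isp1", mode)) for name, src in hops]

if __name__ == "__main__":
    for announced in (False, True):
        print("IXP LAN announced to ISP2:", announced)
        for name, ok in traceroute_view(announced):
            print("  ", "pass" if ok else "DROP", name)
```

With no route for the IXP LAN, the reply from the hop on the IXP LAN fails the check in both strict and loose mode, while the hops before and after it still answer.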