It's amazing how much of a problem you think leaking of prefixes is... I don't know about you, but I'm pretty strict about what prefixes I allow to be advertised up to me from people we service. I'm not sure having a random private prefix will make much of a difference, since it sounds like fat-fingering a GUA and hijacking a real prefix is just as (or even more) likely.

I think the original point was that if you do decide to use ULA, then stay in FD00::/8 and not FC00::/7. There is no way to force people to follow the RFC for something that's non-routed unless we involve vendors. If it sounds like a good idea to include the random 40-bit segment and you can tolerate having non-routed addresses be a little more difficult to remember, then go for it. If you don't follow the RFC and it bites you because of a merger in the future, then it's your own fault and you haven't affected anyone.

In the vast majority of environments, even if this space did leak out into the global table and wasn't filtered at all, you would probably still maintain normal operation because your non-routed networks would be a shorter path than anything advertised back down to you.

Do we really need 80 messages talking about the dangers of leaking? Perhaps you should see your doctor if it's that big of a problem. I think there are some drugs to fix that problem these days...

The obvious assumption is that anyone who is providing IPv6 transit is already protecting themselves appropriately, just as they already do in the IP world.

On Fri, Oct 22, 2010 at 11:40 AM, Owen DeLong <owen@delong.com> wrote:
On Oct 22, 2010, at 5:25 AM, William Herrin wrote:
On Fri, Oct 22, 2010 at 1:20 AM, Joel Jaeggli <joelja@bogus.com> wrote:
On 10/21/10 6:38 PM, Owen DeLong wrote:
On Oct 21, 2010, at 3:42 PM, Jack Bates wrote:
On 10/21/2010 5:27 PM, Joel Jaeggli wrote:
Announce your gua and then blackhole it and monitor your prefix. you can tell if you're leaking. it's generally pretty hard to tell if you're leaking rfc 1918 since your advertisement may well work depending on the filters of your peers but not very far.
This is always the argument I hear from corporate customers concerning wanting NAT. If a mistake is made, the RFC 1918 space isn't routable. They often desire the same out of v6 for that reason alone.
the rfc 1918 space is being routed inside almost all your adjacent networks, so if their ingress filtering is working as expected, great, but you're only a filter away from leaking.
A filter away from leaking to -one- of the millions of entities on the internet. Two filters away from leaking to two.
This underestimates the transitive property of leakage.
Owen
--
Ray Soucy
Epic Communications Specialist
Phone: +1 (207) 561-3526
Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
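
An added example, not part of the thread: a Python sketch of the two controls the message relies on, a locally assigned ULA /48 in FD00::/8 with a random 40-bit Global ID, and a strict allow-list for customer announcements that rejects both ULA space and a fat-fingered GUA. The function names and sample prefixes (documentation range 2001:db8::/32) are constructed for illustration, and the Global ID comes from the OS CSPRNG rather than the hash-based sample algorithm in RFC 4193.

```python
import ipaddress
import secrets

ULA = ipaddress.ip_network("fc00::/7")        # whole ULA block
ULA_LOCAL = ipaddress.ip_network("fd00::/8")  # L bit set: locally assigned


def generate_ula_prefix():
    """Return a /48 inside fd00::/8 with a random 40-bit Global ID."""
    global_id = secrets.randbits(40)
    value = (0xFD << 120) | (global_id << 80)  # 8-bit prefix, 40-bit ID
    return ipaddress.IPv6Network((value, 48))


def classify(prefix):
    """Return 'ula-fd', 'ula-fc' (the undefined fc00::/8 half) or 'not-ula'."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or not net.subnet_of(ULA):
        return "not-ula"
    return "ula-fd" if net.subnet_of(ULA_LOCAL) else "ula-fc"


def filter_announcements(announced, allowed):
    """Accept only prefixes inside the customer's allow-list; never ULA."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    accepted, rejected = [], {}
    for prefix in announced:
        net = ipaddress.ip_network(prefix)
        kind = classify(prefix)
        if kind != "not-ula":
            rejected[prefix] = kind
        elif not any(net.version == a.version and net.subnet_of(a)
                     for a in allowed_nets):
            rejected[prefix] = "not-in-allow-list"
        else:
            accepted.append(prefix)
    return accepted, rejected


# Constructed sample data: one customer allocation and four announcements.
ALLOWED = ["2001:db8:100::/40"]
ANNOUNCED = [
    "2001:db8:100::/48",    # legitimate more-specific
    "2001:db8:200::/48",    # fat-fingered GUA outside the allocation
    "fd12:3456:789a::/48",  # leaked locally assigned ULA
    "fc00:1234::/32",       # ULA from the half with no defined assignment
]

if __name__ == "__main__":
    print("new ULA prefix:", generate_ula_prefix())
    print(filter_announcements(ANNOUNCED, ALLOWED))
```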