[afripv6-discuss] Are AfriNic's /48 being filtered?

[Mark J Elkins]

Leo Vegoda wrote:
> Jordi,
>
> On 24 Aug 2007, at 11:18, JORDI PALET MARTINEZ wrote:
>
>> Hi Mark,
>>
>> This is the reason why I always insisted that PI should be /32.
>>
>> Many people will IGNORE what AfriNIC or other RIRs tell them and will
>> keep
>> filtering anything longer than /32.
>>
>> Nice to have non-reachable critical infrastructures !
>>
>> In my opinion we should still consider a change in the policy to allow
>> AfriNIC to assign a /32 in case is proven, as in this case, than the
>> /48 is
>> getting filtered.
>
> You raise an interesting point. Is it your opinion that AfriNIC (or
> any RIR) should guarantee routability? If so, to what proportion of
> inter-connected networks should it guarantee routability and how
> should such routability be measured? How would you document such a
> guarantee in a policy?
No one can guarantee routability.

The question should be - can an RIR guarantee routability/propagation 
of a /48 to be the same as that of a /32.
The answer is No. What then is needed is more education or awareness?
Perhaps this needs to be the topic of a talk at RIR meetings? Perhaps
the blocks need to be spoken about on RIR mailing lists - with suggested
(generic/cisco) configs for allowing them through.

AfriNIC's /48's come from 2001:43f8::/29. I understand this was
announced on our 'local' mailing list. I have no idea what the
equivalent net blocks are for the other regions. /48 Blocks from AfriNIC
get to about 80% of the world (looking at
http://www.sixxs.net/tools/grh/dfp/all/?country=za).

I've been personally chasing a few of the people who do not propagate
AfriNIC's /48 routes - and its like wading through mud. Think about it -
this group is meant to be pro-IPv6 - and 20% of them (or their
upstreams) get it wrong.

I agree that technically, /48's should be provided as opposed to /32's -
and the world more or less got this managed for IPv4 addresses - so it
should be possible - but what will be the cost?
Perhaps there needs to be a similar but temporary policy to that of
LACNIC - to issue /32's at their discretion. Does this type of Policy
exists in the other area's?

RIPE's /48 seem to mainly be peering points,
LacNIC has a Critical Infrastructure PI policy, their /48's don't seem
to get out,
APNIC has two /48's with 75% propagation - most of the others are IXP's
ARIN looks the most successful - with people like ARIN, ULTRADNS and
NEUSTAR doing well.

ARIN shows that its possible to do. Being there pretty much first (and
looking at the players) is probably the reason.

Education - by all RIR's - helping the world understand which blocks
around the world have /48 masks.
Perhaps every time any IPv6 space is allocated/assigned - the current
filtering rules should also be provided.
Perhaps the RIR's themselves should ONLY use /48's - there by
encouraging routability? - Part of the assignment/allocation post test
process, you must be able to see all RIR's own /48's within 6 months
(whatever) and pick up a "token" (one token per  Superblock that /48's
are assigned from) - otherwise assignments/allocations are revoked?

This does not guarantee routability by the RIR's - but would encourage it.

-- 
  .  .     ___. .__      Posix Systems - Sth Africa
 /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, SCO ACE, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496