[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New Version Notification for draft-ietf-v6ops-v6inixp-02

To: roque@lacnic.net
Subject: Re: New Version Notification for draft-ietf-v6ops-v6inixp-02
From: MAWATARI Masataka <mawatari@jpix.ad.jp>
Date: Tue, 06 Oct 2009 18:21:38 +0900
Cc: martin.pels@ams-ix.net, v6ops@ops.ietf.org
In-reply-to: <8A3A255A-3786-4608-907B-5C1AD6B10A7A@lacnic.net>
References: <20091002180244.E48A.8FE1F57E@jpix.ad.jp> <8A3A255A-3786-4608-907B-5C1AD6B10A7A@lacnic.net>

Hi Roque,


Thank you very much.

Please excuse the brevity.
Just a few standardizing words.


* On Mon, 5 Oct 2009 12:07:50 +0100
* Roque Gagliano <roque@lacnic.net> wrote:

> Dear Martin/ Masataka,
> 
> I am proposing the following text for version 03.
> 
> ----------------
>     IPv6 prefixes for IXP LANs are typically publicly well known and
>     taken from dedicated IPv6 blocks for IXP assignments reserved for
>     this purpose by the different RIRs.The current practice that applies
>     to IPv4 about publishing IXP allocations to the DFZ (Default Free
>     Zone) should also apply to the IPv6 allocation.  When considering  
> the
>     routing of the IXP LANs two options are identified:
> 
>     o  IXPs may decide that LANs should not to be globally routed in
         ^^^^
         IXP


>        order to limit the possible origins of a Distributed Denial of
>        Service (DDoS) attack to its particpant' AS boundries.  In this
>        configuration participants may route these prefixes inside their
>        networks (e. g. using BGP no-export communities or routing the  
> IXP
>        LANs within the participants' IGP) to perform fault management.
>        Using this configuration, the monitoring of the IXP LANs from
>        outside of its participants' AS boundaries is not possible.
> 
>     o  IXP may decide that LAN should be globally routed.  In this case,
                             ^^^
                             LANs


>        IXP LANs monitoring from outside its participants' AS boundries  
> is
>        possible but the IXP LANs will be vulnerable to DDoS from  
> outside of
>        those boundaries.
> 
>     IXP external services (such as dns, web pages, ftp servers) need to
>     be globally routed and due to strict prefix length filtering this
>     could be the reason to request more than one /48 assignment from a
                                                   ^^^^^^^^^^^^^^
                                                   allocation


>     RIR (i.e. requesting one /48 for the IXPs LANs that is not globally
                                           ^^^^^^^^^
                                           IXP LANs


>     routed and a different /48 for the IXP external services that is
                             ^^^
                             allocation


e.g.
sometimes, /48 (for IXP LANs) and /48 (for external services).
sometimes, /48 (for IXP LANs) and /32 (for external services).
sometimes, something else.


>     globally routed).
> ---------------------
> 
> What do you think?
> 
> Roque


Regards,
Masataka MAWATARI

Follow-Ups:
- Re: New Version Notification for draft-ietf-v6ops-v6inixp-02
  - From: Roque Gagliano <roque@lacnic.net>

References:
- Re: New Version Notification for draft-ietf-v6ops-v6inixp-02
  - From: MAWATARI Masataka <mawatari@jpix.ad.jp>
- Re: New Version Notification for draft-ietf-v6ops-v6inixp-02
  - From: Roque Gagliano <roque@lacnic.net>

Prev by Date: Re: Routing loop attacks using IPv6 tunnels
Next by Date: Fwd: V6OPS - Requested sessions have been scheduled for IETF 76
Previous by thread: Re: New Version Notification for draft-ietf-v6ops-v6inixp-02
Next by thread: Re: New Version Notification for draft-ietf-v6ops-v6inixp-02
Index(es):
- Date
- Thread