North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: v6 gluelessness

  • From: Christopher Morrow
  • Date: Tue Jan 22 16:03:50 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=yqkj9r8+RF3p8qogYM+lFYONkMm4MjSl7a1G2734Vx8=; b=FvI8AF6Gqu3dAhElw1OMKPTTkM7hykiRBEE9natEgfW983OXjkHfCpXHxbYciET4835wvsQ+PRklxVc3j0TfEyVnWJUK51UprDqEWQu6mFAH3aiC3NYgHX2WJw/RDUWTmHktbreghkpVMjKDH+600BVwqVY4ZBlFGezr1GDgRuM=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=LupVlgwsZ0ofhf5Sy6kMWFdxZg0NXcX4+CSagbGtJdv3qCj+RH44tjtG+EmXB4TlqUrdR5NIQ8mkdJqcrNA/GsgFsRPq+3o/Po3s8qT1QZJAQuPQ15G86HSK7vmC2qkORT59Rb48/irUEsG5DIZlEKcSWQVkIiZkUMo63bccXLQ=

On Jan 22, 2008 2:11 PM, Iljitsch van Beijnum <iljitsch@xxxxxxxxx> wrote:
>
> I'm quite unhappy about the trend to put everything in their own
> blocks that happen to be the longest possible prefixes. This means
> that one oversight in prefix length filtering can take out huge
> numbers of important nameservers.
>

and you have a giant confluence of number resource management and
operational practices here  as well.

> We really need as much diversity as we can get for this kind of stuff.
> There is no one single best practice for any of this.

For roots? TLD? ccTLD? (is there a potential difference between the
TLD types?)  Is diversity in numbers of networks and numbers of
locations per entity good enough? (.iq served out of US, Iraq, AMS on
3 different netblocks by 3 different operators ideally serviced by a
central controlling gov't entity... wait .iq changed... use .co as the
example)

Is, for lack of a quicker example: .iq 'good' or could they improve by
 shifting their NS hosts to blocks outside the /16 194.117.0.0/16? or
does it matter at all because they have each announced as a /24 with
no covering route?? (so if someone fudged a /24 max prefix length
filter to /23 they'd be broken either way?)

Some of this is covered in rfc2182 anyway, right?

-Chris