If you are using 2002::/16 you know are relying on third parties.  Not that it 
is much
different to any other address where you are relying on third parties.

If one is going to filter 2002::/16 from BGP then install your own gateway to 
preserve
the functionality.

> On 19 Jun 2018, at 10:23 am, Ca By <cb.li...@gmail.com> wrote:
> 
> 
> 
> On Mon, Jun 18, 2018 at 4:37 PM Mark Andrews <ma...@isc.org> wrote:
> If a ASN is announcing 2002::/16 then they are are happy to get the traffic.  
> It
> they don’t want it all they have to do is withdraw the prefix.  It is not up 
> to
> the rest of us to second guess their decision to keep providing support.
> 
> That sounds like an interesting attack scenario where a malicious actor can 
> insert themselves in a path, via bgp, announcing 6to4 space 
> 
> 
> If you filter 2002::/16 then you are performing a denial-of-service attack on
> the few sites that are still using it DELIBERATELY.
> 
> None of the problems required removing it from BGP.  There were end sites that
> had firewalls that blocked 6to4 responses and the odd site that ran a gateway
> and failed to properly manage it.  The rest could have been dealt with by
> configuring more gateways.  If every dual stacked ASN had run their own 
> gateways
> there wouldn’t have been a scaling issue.  i.e. take the 2002::/16 traffic and
> dump it onto IPv4 as soon as possible and take the encapsulated traffic for 
> the
> rest of IPv6 and de-encapsulate it as soon as possible.
> 
> Mark
> > On 19 Jun 2018, at 8:56 am, McBride, Mack <c-mack.mcbr...@charter.com> 
> > wrote:
> > 
> > This should have been filtered before.
> > Lots of people improperly implemented this so it caused issues.
> > 
> > Mack
> > 
> > -----Original Message-----
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of John Kristoff
> > Sent: Monday, June 18, 2018 3:48 PM
> > To: Job Snijders <j...@ntt.net>
> > Cc: NANOG [nanog@nanog.org] <nanog@nanog.org>
> > Subject: Re: Time to add 2002::/16 to bogon filters?
> > 
> > On Mon, 18 Jun 2018 21:08:05 +0000
> > Job Snijders <j...@ntt.net> wrote:
> > 
> >> TL;DR: Perhaps it is time to add 2002::/16 to our EBGP bogon filters?
> > 
> > Hi Job,
> > 
> > I've been asking people about this recently.  I don't particularly like 
> > having misdirected traffic or badly configured hosts sending junk to those 
> > who happen to be announcing addresses from this prefix.  I'm planning on 
> > adding this to a bogon filter here.
> > 
> > John
> > E-MAIL CONFIDENTIALITY NOTICE: 
> > The contents of this e-mail message and any attachments are intended solely 
> > for the addressee(s) and may contain confidential and/or legally privileged 
> > information. If you are not the intended recipient of this message or if 
> > this message has been addressed to you in error, please immediately alert 
> > the sender by reply e-mail and then delete this message and any 
> > attachments. If you are not the intended recipient, you are notified that 
> > any use, dissemination, distribution, copying, or storage of this message 
> > or any attachment is strictly prohibited.
> > 
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

Reply via email to