IPv6 BGP beacon experiment
Motivation
In the past years, I have been doing research on the state of the global IPv6
BGP routing system - routing table growth, and ``announcements that should
not be there''. Here you can read more about
that.
Something that is seen repeatedly is lack of IPv6 BGP filters, notably:
- downstream ISPs sending a full BGP table to all of their upstream ISPs
- upstream ISPs accepting everything their downstream ISPs send to them
- lack of clear agreement on who is upstream and downstream, and which
prefixes and AS actually should receive transit through an AS
- leak of /64 or even /128 more-specific routes into the global BGP
system (there is some rough consensus that multihomed customers may
use more specifics in the range of /32.../48, but nothing more specific
than a /48)
- ...
This lack of filtering means that unsuspecting ASes may see their prefixes
receiving transit traffic over completely unplanned routes, and worse, with
definite lack of quality of service (old 2503 routers, tunnels, ...)
My IPv6 beacon test setup tries to identify filtering leaks
Setup
I will announce two prefixes / set of prefixes, in a weekly schedule:
- 2001:0608:e000::/35
from: AS8878, announced only to customers of AS5539
(so you should never see this prefix outside germany, unless one
of our customer is leaking it)
- 2001:608:f000::/36
2001:608:ff00::/40
2001:608:ffff::/48
2001:608:ffff:ffff::/64
2001:608:ffff:ffff::1/128
from: AS8878, announced to the whole world. This is to see how many
ISPs actually apply filters to more-specific routes (see my
IPv6 filter recommendations page for
recommendations and sample filters)
Schedule / Methology
The current planned schedule is:
| Date | Prefix set announced |
|---|
| Wed, May 27 | announce /35, customers only |
| Wed, Jun 2 | announce more specifics, global |
| | withdraw /35 |
| Wed, Jun 9 | announce /35, customers only |
| | withdraw more specifics |
| Fri, Jun 18 | announce more specifics, global |
| | withdraw /35 |
| Wed, Jun 23 | withdraw all announcements, evaluate results |
Two days after each announcement, we will check various looking glasses,
notably GRH and
RISwhois
for visibility of the newly
announced prefixes, and for leftovers (Ghosts) of the withdrawn ones.
Also, I will keep track on whether anyone will notice those routes,
especially the more specifics, and complain to me.
Results
Wed, May 27, 12:00 MEDT: Announced /35.
Seen only at customers of 5539 (over the full week). GOOD
Wed, Jun 02, 13:00 MEDT: withdraw /35, announce more specifics
13:05 MEDT:
Withdraw of /35 propagated almost instantly: not seen anymore in GRH
/36 accepted widely (19 peers in GRH, )
/40 accepted widely (19 peers in GRH)
/48 partially filtered (17 peers in GRH)
/64 filtered pretty well (6 peers in GRH)
/128 filtered even better (3 peers in GRH, only 1 AS path (15444 5539 8878))
BUT: all RIPE RRCs see prefixes, even /128 (21 ris peers for all pfxes)
Fri, Jun 11, ??:?? MEDT: announce /35, withdraw more specifics
Fri, Jun 18, 09:30 MEDT: withdraw /35, announce more specifics
Update: 2004/05/24. Gert Döring: initial version.