On Tue, 13 May 2003, Michel Py wrote:
ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 24 le 32
This could also be refined. Not all 2001::/16 has been delegated to RIRs. ARIN got a block, RIPE got a block, APNIC got a block, but there still is some undelegated space. The drawback of refining to that level is that it will inevitably induce a situation similar to 69/8 and will require maintenance, but the other side of that coin is that it would prevent people from hijacking prefixes from undelegated space.
As an example and please correct me if wrong in the address I picked because it's all from memory, if I hijack and announce 2001:FEED::/32 that would pass your filter but this prefix can't be assigned to anybody now as it is not part of a larger block that has been delegated to a RIR, so it must be a hijack.
RIR's have obtained multiple blocks, as they receive them in the chunks of /23's from IANA. (A thing I've complained about to IANA, btw.). So, they need a new one every 2^6 = 64 allocations. That's way too often, and maintenance would be a pain. With current mechanisms, there's always a way to hijack space (e.g. you could announce a slice of /32 from the /29 everyone has been reserved), we really can't avoid it using bogon filters.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings