Joao Damas [mailto:joao@isc.org] wrote:

<BIG SNIP>
> No, no and definitely no!!!
> It is one thing to put all IXP prefixes in the same block, after all it does not matter if they are not seen in the global Internet as, in fact, they should not be visible.
My idea exactly, though some others think differently and they have their valid reasons to do so.
> However, putting public infrastructure all in the same prefix is about the worst idea I have heard in some time. One hiccup would kill them all at the same time.
All the 'public infrastructure' is under 2000::/3 at the moment. Do hiccups over there cause any problems? I mean, come on, even Cisco (AS109 FYI) is passing prefixes through their routers that have private ASNs as transits.

If they are all in the same prefix (/32 for instance) at least people could safeguard and put monitoring on those prefixes as they are easily identified as being 'critical infra', which is the reason why it is currently separately specified in the RIR allocation policies. Next to that, if DNSes are given a micro-allocation from that /32, ISPs will know that it is normal and default behaviour for that prefix, unlike the current set of a number of 'special' prefixes that simply look like normal prefixes.

I really don't see any difference between:

 - 2001:db8::/32 = 1 NS

or:

 - 2001:db8::/32 = contains all NSes
     2001:db8:1::/48 - A.root
     2001:db8:2::/48 - B.root
     2001:db8:3::/48 - C.root
     2001:db8:2000::/48 - nl.tld
     2001:db8:3000::/48 - de.tld
     ....

The last one are more specifics anyways, if anybody is able to announce a /32 or a /48, it doesn't matter, it will always be a BGP and trust problem. Same if I would announce say, 198.41.0.0/22 on the AMS-IX to the peers over there, it will have the shortest path and any ISP not filtering correctly will start sending the traffic to me. That is a BGP security and peering-trust problem and has nothing to do with the above.

Greets,
 Jeroen
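The monitoring this message argues for, as an added example that is not part of the original post: when every micro-allocation sits in one well-known block, a small registry is enough to flag announcements with the wrong origin AS or with a longer prefix than the allocation. The registry contents, the AS numbers (documentation ASNs from RFC 5398) and the sample announcements are constructed; only the prefix layout follows the message.

```python
import ipaddress

# Shared "critical infrastructure" block, using the documentation prefix from the post.
CRITICAL_BLOCK = ipaddress.ip_network("2001:db8::/32")

# Constructed registry: micro-allocation -> expected origin AS (documentation ASNs).
REGISTRY = {
    ipaddress.ip_network("2001:db8:1::/48"): 64496,     # A.root
    ipaddress.ip_network("2001:db8:2::/48"): 64497,     # B.root
    ipaddress.ip_network("2001:db8:2000::/48"): 64500,  # nl.tld
}


def classify(prefix, origin_as):
    """Classify one observed BGP announcement (prefix string, origin AS number)."""
    net = ipaddress.ip_network(prefix)
    # subnet_of() raises TypeError across IP versions, so check the version first.
    if net.version != CRITICAL_BLOCK.version or not net.subnet_of(CRITICAL_BLOCK):
        return "outside-block"
    if net in REGISTRY:
        return "ok" if REGISTRY[net] == origin_as else "origin-mismatch"
    # A longer prefix inside a registered allocation wins longest-match routing,
    # so it is flagged even when the origin AS looks right.
    if any(net.subnet_of(alloc) for alloc in REGISTRY):
        return "more-specific"
    return "unregistered"


def alerts(announcements):
    """Return (prefix, origin, verdict) for every announcement that needs attention."""
    return [(p, a, v) for p, a in announcements
            if (v := classify(p, a)) not in ("ok", "outside-block")]


# Constructed sample of observed announcements.
SAMPLE = [
    ("2001:db8:1::/48", 64496),          # registered prefix, expected origin
    ("2001:db8:2::/48", 64511),          # registered prefix, unexpected origin
    ("2001:db8:2000:8000::/49", 64500),  # more specific than the nl.tld allocation
    ("2001:db8:4000::/48", 64499),       # inside the block, not in the registry
    ("198.51.100.0/24", 64498),          # unrelated IPv4 prefix
]

if __name__ == "__main__":
    for prefix, origin, verdict in alerts(SAMPLE):
        print(f"ALERT {verdict}: {prefix} originated by AS{origin}")
```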