On 17.3.2010 16:34, Wolfgang Hennerbichler wrote:
Hi Ondrejs & Fellow BIRD users,
I'm currently building the IPv6 Part of our BIRD Configuration Template. I'm trying to build it in the same way as our IPv4 stuff, which is trivial, because I've prepared all the code for a "dual stack" implementation. My question is, what your current best practice is for avoiding martians or unnecessary ipv6 routes (Like the Link Local Range, but I guess there are much more which I currently am not thinking about).
Like in IPv4 I have this: prefix set martians; { martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ]; if net.ip = 0.0.0.0 then return false; # Avoid too short and too long prefixes if (net.len < 8) || (net.len > 30) then return false; if net ~ martians then return false; return true; }
What is your recommendation for that?
As Ondrej has mentioned, this is a little bit better/faster approach: ---------------------------------- function avoid_martians() prefix set martians; { martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{31,32}, 0.0.0.0/0{0,7} ]; # Avoid RFC1918 networks if net ~ martians then return false; return true; } ---------------------------------- But I personally prefer: 0.0.0.0/0{25,32} :-) I use this IPv6 filter: ---------------------------------- # This function excludes weird networks function avoid_martians() prefix set martians; { martians = [ fc00::/7+, fec0::/10+, ::/128-, ::/0{0,15}, ::/0{49,128} ]; if net ~ martians then return false; return true; } ----------------------------------
Wolfgang
PS: I think we have a very decent, awesome and super-automated IPv4 BIRD installation now @VIX, still not running productive, but as soon as IPv6 (and some minor tweaking in the webinterface) is done, we are going to run productive, which will be well before Euro-IX in Brussels.
Good news! Ondrej