Hey Danny,
On 26/11/2008, at 12:34 AM, Danny McPherson wrote:
Perhaps if you'd outline a couple use cases of BOAs I'd better understand how this is useful and provides more net benefits than offshoots?
There are several use cases that come to mind, but only one I can anonymise and present with the organisation's permission.
Lets say XYZ Bank has a significant address holding, due to their engineering design they actually use globally routable unique addresses for all of their internal infrastructure as it makes their redundancy and fail-over mechanisms clean. This "infrastructure" set of addresses is never meant to be seen in global routing tables. (yes even though they have firewalls and all types of black-boxes protecting it). In partial deployment the BOA gives the XYZ Bank the higher level _policy_ power which goes beyond router configuration to say "our infrastructure prefixes are not to be accepted and certainly not routed" irrespective of any router config fumbles.
I guess in someway this might be similar to a large cable provider that could use a specific IPv6 range for managing their SOHO units. Equally those prefixes aren't intended to ever see the light of a DFZ. So they also might issue a BOA to that effect.
If a BOA is not available to them, the interpretation of just a ROA for the intended routable address space is that the prefix for the ROA IS accepted, but the other prefixes MAY be accepted, based on local (theirs and third party) router config. There is no high level statement to the effect of 'ONLY route prefix x/y' until full deployment.
I'll do my best to get permission to discuss other examples that cover BOA use in a full deployment environment.
Cheers Terry _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
