On Oct 22, 2010, at 5:25 AM, William Herrin wrote: > On Fri, Oct 22, 2010 at 1:20 AM, Joel Jaeggli <joe...@bogus.com> wrote: >> On 10/21/10 6:38 PM, Owen DeLong wrote: >>> On Oct 21, 2010, at 3:42 PM, Jack Bates wrote: >>>> On 10/21/2010 5:27 PM, Joel Jaeggli wrote: >>>>> >>>>> Announce your gua and then blackhole it and monitor your prefix. >>>>> you can tell if you're leaking. it's generally pretty hard to >>>>> tell if you're leaking rfc 1918 since your advertisement may well >>>>> work depending on the filters of your peers but not very far. >>>> >>>> This is always the argument I hear from corporate customers >>>> concerning wanting NAT. If mistake is made, the RFC 1918 space >>>> isn't routable. They often desire the same out of v6 for that >>>> reason alone. >> >> the rfc 1918 space is being routed inside almost all your adjacent >> networks, so if their ingress filtering is working as expected, great, >> but you're only a filter away from leaking. > > A filter away from leaking to -one- of the millions of entities on the > internet. Two filters away from leaking to two. > This underestimates the transitive property of leakage.
Owen
