What is IPv6 Quarantine Peering?

The IPv6 internet has a problem where several number of network operators are refusing to acquire transit, and exchanging full routing table over legacy 6bone tunnels--these networks are called Rogue ASes. While many production network operators are no longer exchanging full routes, they often peer, or give transit to one of these Rogue ASes.

OCCAID experienced many difficulties in its roadmap to implement production quality IPv6 routing, where several of its production peers have been giving transit to experimental Rogue ASes, or otherwise leaking our peering routes to them.

In order to address these problems for our customers, we implemented a procedure called IPv6 Quarantine Peering. When an applicant sends us a peering request, we evaluate their current AS topology and visible peers. If we notice that they are peering with any of the Rogue ASes, we may require the applicant to enter into a Quarantine Peering, before a full peering can be granted. Typically, Quarantine Peering process lasts for about 24 hours, but this is dependent upon applicant's network topology and number of peering agreements with Rogue ASes.

During the Quarantine Peering process, we will take all of peer's received routes into a quarantine mode, which sets the local-preference to 10. This eliminates usage of peer's announced routes (unless they are more specific). Additionally, we will announce an allocated /32 single prefix to the peer.

While the process is in place, our engineers will regularly check for visibility of OCCAID-advertised routes during the Quarantine Peering process. If any of OCCAID-advertised routes are advertised or otherwise leaked to Rogue ASes, the Quarantine Peering has become unsuccessful. Applicant will then need to correct each and every one of these detected leaks/errors until full production peering can be granted. Once all visible accidental route leaks and errors have been corrected, we will grant full peering to the applicant.

Applicants who require us to enter into a peering relationship using private circuits may be required to enter into Quarantine Peering mode via public infrastructure (i.e. internet exchange) or a tunnel. Quarantine Peering process will need to be successfully completed before provisioning orders for private interconnects can begin.