Re: 10/8 announced ?

[Stephen Stuart <stuart () pa dec com>]

> 10/8 gets announced at least once a day by someone somewhere. Really.
>
> So what else is new? Smart providers explicitly filter RFC-1918 address
> space.  ;-)

In response to an appearance in May of some 192.168/16 prefixes, Paul
Vixie sent this to the NANOG list. I wrote up a gated analogue for
Digital's border routers; if anyone wants one, send me mail.

> Message-Id: <9605230534.AA26573 () wisdom home vix com>
> To: nanog () merit edu
> Subject: Re: RFC 1597 
> Date: Wed, 22 May 1996 22:34:17 -0700
> From: Paul A Vixie <paul () vix com>
>
> > *> 192.168.22.0     144.228.71.5    0 1239 1800 1804 1128 1955 3337 ?
> > *> 192.168.100.0/22 144.228.71.5    0 1239 1794 ?
> > *> 192.168.216.0    144.228.71.5    0 1239 1800 1755 1273 ?
> >
> > Shame on you 3337, 1794 and 1273.
>
> Indeed.  Since it's not my turn to be at fault for this kind of thing tonight,
> I guess I'll chime in with a copy of some useful goodies that Andrew Partan
> bestowed upon me last time CIX was caught advertising something bad:
>
> router bgp xxxx
>  neighbor y.y.y.y remote-as zzzz
>  neighbor y.y.y.y distribute-list 100 in
>  neighbor y.y.y.y distribute-list 101 out
>
> access-list 100 deny   ip host 0.0.0.0 any
> access-list 100 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 100 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
> access-list 100 deny   ip any 255.255.255.128 0.0.0.127
> access-list 100 permit ip any any
>
> access-list 101 deny   ip host 0.0.0.0 any
> access-list 101 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 101 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 101 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> access-list 101 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 101 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 101 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 101 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 101 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 101 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 101 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
> access-list 101 deny   ip any 255.255.255.128 0.0.0.127
> access-list 101 permit ip any any
>
> These are currently identical, but they're split into separate access-list's
> in case the sending restrictions and the receiving restrictions ever have
> cause to differ.
>
> Note that everybody who's anybody uses peer groups rather than duplicating
> this for every peer, but I'm the wrong person to try to explain peer groups
> so the above was intentionally kept at my "grunt, poke, listen" level.

Stephen
- -----
Stephen Stuart                          stuart () pa dec com
Network Systems Laboratory
Digital Equipment Corporation
- - - - - - - - - - - - - - - - -