nanog mailing list archives
Re: Bogon filtering (don't ban me)
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Sun, 5 Dec 2004 19:50:11 +0100
On 5-dec-04, at 19:29, Joe Maimon wrote:
> I think that a BGP mechanism to tag routes as "ignore all more specifics" would solve this problem nicely. (and perhaps a whole lot others -- such as needless deaggregation)
Yeah, like people who are needlessly deaggregating are going to send out an aggregate with this tag on it...
What you want is a way to inject filters into a box remotely with live updating. So this is what the vendors should build.
> As far as router vendors such as Cisco autosecure, I do not think there is any way to make default access lists lossless. They should step up to the plate and offer md5 by system serial number keyed multihop BGP bogons in the manner of cymru. It's their responsibility.
Why? Why should anyone bother? Why are we even discussing this? The whole point that started this discussion is that bogon filtering is HARMFUL a good part of the time. And it doesn't really do anything useful to begin with! You get to reject packets from dark address space, but:
- That's only some 40% of all address space, so you need to be able to deal with the other 60% anyway. Why wouldn't whatever mechanism that deals with the 60% be unable to deal with the additional 40%?
- (Loose) uRPF will buy you the exact same functionality and more without any upkeep.
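
The comparison made in the message above, as an added example that is not part of the original post: a hand-maintained bogon list checked next to a loose uRPF lookup, where the source is dropped only if no route covers it. The prefixes are constructed from documentation ranges, the function names are hypothetical, and the scenario assumes 203.0.113.0/24 has been allocated and routed while the static list was never updated.

```python
import ipaddress

# Constructed sample data (documentation prefixes, not a real bogon list or table).
# Assumption: 203.0.113.0/24 is now routed but still sits on the stale static list.
STATIC_BOGONS = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/24")]
FIB = [ipaddress.ip_network(p) for p in ("0.0.0.0/0", "192.0.2.0/24", "203.0.113.0/24")]


def static_bogon_drop(src, bogons=STATIC_BOGONS):
    """Drop if the source falls inside a manually maintained bogon prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in bogons)


def loose_urpf_drop(src, fib=FIB, allow_default=False):
    """Loose uRPF: drop when no route at all covers the source address.

    Unlike strict mode, the interface the route points to is ignored.
    A default route only counts as a match when allow_default is True;
    if it counts, every source has a route and nothing is dropped.
    """
    addr = ipaddress.ip_address(src)
    for net in fib:
        if net.prefixlen == 0 and not allow_default:
            continue
        if addr in net:
            return False
    return True


def compare(sources):
    """Return {src: (static_drop, urpf_drop)} for each source address."""
    return {s: (static_bogon_drop(s), loose_urpf_drop(s)) for s in sources}


if __name__ == "__main__":
    samples = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    for src, (static, urpf) in compare(samples).items():
        print(f"{src:15} static-list drop={static!s:5} loose-uRPF drop={urpf}")
```

The third sample is the case the thread is arguing about: the stale list still drops a source that the routing table now knows, while the loose uRPF check follows the table.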