nanog mailing list archives
filtering long prefixes
From: Sean Doran <smd () sprint net>
Date: Thu, 21 Sep 1995 05:27:36 -0400
I was talking to a set of customers of ours today,
some of whom were dealing with some long prefixes
which were being heard originating within SprintLink
and propagating to MCI.
This caused me to audit how well our edge filtering
was working, and to spend some time reworking the
filters that match long prefixes.
I shall post the text of the filter here tomorrowishly so
that everyone can look at how gross it is, comments-and-all.
Meanwhile, however, it seems correctly to implement this
policy, which is now many months old:
reject BGP announcements which:
-- are an old-style classful A network with a
mask longer than 8 bits
except for exp39, 39.0.0.0/8, where we
allow prefixes to be up to 24 bits long
and the two operational IBM prefixes:
9.20.0.0/18 and 9.2.0.0/16.
-- are an old-style classful B network with a
mask longer than 16 bits
-- are in the range of 206.0.0.0/8 to 239.0.0.0/8
with a mask longer than 18 bits
-- has a mask longer than 24 bits
[RSN we will also reject RFC1597 prefixes in
this list; currently another mechanism is
used to avoid hearing RFC1597 prefixes.]
Note that we accept prefixes in the range of 192.0.0.0/8 - 205.0.0.0/8
(known cordially as The Swamp) as long as the prefix is at
least 24 bits long.
Also, this is not cast in concrete; there was some discussion
of possibly allowing /19s at some point, and also some
discussion about attacking the top several octets of The Swamp,
by allowing only /23s or shorter.
There has also been some talk about relaxing the maximum
mask length on 1.0.0.0/8 - 126.0.0.0/8 to something a bit
longer.
I suspect all of this will be revisited at intervals,
however, I believe that the consensus at the NANOG in
Pittsburgh was that it'd be a good idea to post things
like this here.
Also, I note that we currently are not applying this list
*outbound* or against customer BGP sessions. The reason for
this is quite simple -- call it a (very) small incentive for
other folks we peer with to apply the same kind of inbound
filter against very long prefixes.
I will admit that this is more a case of oversight than
direct engineering terrorism, however, at some point we
certainly will begin stopping the announcement of this
type of long prefix to our external peers, and in the mean
time it's useful to know that there really are people
out there who notice /32s and the like floating around,
and who complain about them. That's a good thing.
Personally, I'd be grateful if people *did* toss long
prefixes gotten from SprintLink (and elsewhere), so
long as they tell people about it.
Penultimately, this filter is currently deployed at all
of SprintLink's edges, but not within ICM AS 1800.
This is principally to allow for differential comparisons
between what long prefixes the two networks see over the
next short while. That makes it easier to see what we're
filtering out on the SprintLink side, in hopes of catching
botches and spending a couple of days firing off email
to people responsible for announcing long prefixes,
explaining why they should stop.
Finally, the list of the prefixes affected by the filter,
obtained by differential comparison between SL and ICM, is
below. The classful subnets were noted in CIDRD; the stuff
in 206/8 is of some interest to the very-newly-connected
(connected, in fact, by people who probably didn't warn
their customers of the very very very old announcements I
made here and on CIDRD about precisely this filtering on
206/8, on 13 April, 23 June, 24 August, and other dates, and
at NANOGs and IETFs galore) are interesting: many (more than
120) are covered by idempotent less-specific aggregates
anyway, and others seem to be easily aggregatable, or
just don't seem to go anywhere yet.
Sean.
- --
Sean Doran <smd () sprint net>
- -- cut here ----
[subnets of classful A space, classful B space, and all >/24s]
[ prefix as-path ]
129.40.43.0/24 690 2685
129.40.202.0/24 690 2685
129.159.147.0/24 1755 2874
129.159.148.0/24 1755 2874
131.115.186.0/24 1755 3300
131.115.187.0/24 1755 3300
131.115.188.0/24 1755 3300
131.116.136.0/26 1755 3300
131.116.136.64/26 1755 3300
131.116.136.128/26 1755 3300
131.116.153.64/26 1755 3300
132.174.100.0/24 690 1325 4373
139.92.1.0/24 1804 1128 1275
145.17.100.0/24 1801 786 1849
147.186.219.64/26 1755 2874
148.185.45.0/24 1801 786 1849
148.252.1.0/24 1801 786 1849
149.212.64.0/23 1755 1759 544
151.185.100.0/22 3561
151.185.104.0/22 3561
151.185.108.0/23 3561
151.185.110.0/24 3561
152.129.186.0/24 3561 4478
155.140.123.0/24 1801 786 1849
159.24.7.64/26 3561 4286
159.189.128.0/19 3561 279 2048 {33035}
160.8.106.0/24 1755 2874
160.8.110.0/23 1755 2874
161.52.192.0/19 1653 2843 2845
164.9.190.0/31 1755 3300
164.9.194.0/31 1755 3300
164.9.196.0/24 1755 3300
166.38.40.0/24 3561
166.147.0.0/18 3561
166.147.192.0/18 3561
166.150.0.0/18 3561
166.150.64.0/18 3561
166.150.128.0/18 3561
166.150.192.0/18 3561
166.151.0.0/18 3561
166.151.64.0/18 3561
166.151.128.0/18 3561
166.151.192.0/18 3561
167.170.7.0/24 1755 3300 3302 3313
170.194.51.0/24 1801 786 1849
171.25.128.0/20 1755 3300
171.25.144.0/21 1755 3300
192.108.149.128/26 1804 1128 2605 1902 1922
193.172.1.192/27 1804 1128 2043
194.45.40.161/32 1755 517
194.45.120.0/26 1755 517
194.45.120.64/26 1755 517
194.45.120.128/26 1755 517
194.45.121.0/28 1755 517
194.45.121.128/28 1755 517
194.45.121.192/28 1755 517
194.45.236.64/28 1755 517
194.45.236.80/28 1755 517
198.226.1.80/28 3561
- --
[206/8 more-specifics]
[ prefix as-path ]
206.12.1.0 3561 577 271
206.12.2.0 3561 577 271
206.12.8.0 3561 577 271
206.12.10.0 3561 577 271
206.12.11.0 3561 577 271
206.12.15.0 3561 577 271
206.12.16.0 3561 577 271
206.12.17.0 3561 577 271
206.12.18.0 3561 577 271
206.12.19.0 3561 577 271
206.12.20.0 3561 577 271
206.12.21.0 3561 577 271
206.12.22.0 3561 577 271
206.12.23.0 3561 577 271
206.12.24.0 3561 577 271
206.12.25.0 3561 577 271
206.12.26.0 3561 577 271
206.12.32.0 3561 577 271
206.12.33.0 3561 577 271
206.12.34.0 3561 577 271
206.12.35.0 3561 577 271
206.12.36.0 3561 577 271
206.12.37.0 3561 577 271
206.12.38.0 3561 577 271
206.12.39.0 3561 577 271
206.12.40.0 3561 577 271
206.12.41.0 3561 577 271
206.12.42.0 3561 577 271
206.12.43.0 3561 577 271
206.12.44.0 3561 577 271
206.12.45.0 3561 577 271
206.12.46.0 3561 577 271
206.12.47.0 3561 577 271
206.12.59.0 3561 577 271
206.12.96.0 690 1331 1691
206.12.101.0 3830 4064 3609
206.12.108.0 3830 4064 3609
206.12.111.0 690 1331 1691
206.12.112.0 3830 4064 3609
206.12.113.0 3830 4064 3609
206.12.114.0 3830 4064 3609
206.12.115.0 3830 4064 3609
206.12.117.0 690 1331 1691
206.12.118.0 3830 4064 3609
206.12.119.0 3830 4064 3609
206.12.126.0 3830 4064 3609
206.12.134.0 690 1331 1691
206.12.151.0 690 1331 1691
206.12.153.0 3830 4064 3609
206.12.154.0 3561 2493
206.12.156.0 3830 4064 3609
206.12.158.0 3830 4064 3609
206.12.159.0 3830 4064 3609
206.12.168.0 3830 4064 3609
206.12.169.0 3830 4064 3609
206.12.170.0 3830 4064 3609
206.12.171.0 3830 4064 3609
206.12.172.0 3830 4064 3609
206.12.173.0 3830 4064 3609
206.12.174.0 3830 4064 3609
206.12.175.0 690 1331 1691
206.12.176.0 690 1331 1691
206.12.177.0 690 1331 1691
206.12.178.0 690 1331 1691
206.12.179.0 690 1331 1691
206.12.180.0 690 1331 1691
206.12.181.0 690 1331 1691
206.12.186.0 3830 4064 3609
206.12.187.0 3561 2493
206.12.188.0 690 1331 1691
206.12.202.0/23 3561 5071
206.12.206.0 3561 5071
206.12.208.0 3561 5071
206.12.226.0 690 1331 1691
206.12.227.0 690 1331 1691
206.12.229.0 690 1331 1691
206.12.230.0 690 1331 1691
206.12.237.0 3561 5071
206.12.238.0/23 3561 5071
206.12.241.0 690 1331 1691
206.12.247.0 690 1331 1691
206.13.0.0/19 3830 4200 5671
206.13.32.0/19 3830 4200 5672
206.13.64.0/19 3830 4200 5672
206.13.96.0/20 3830 4200 5672
206.15.32.0/19 3561 1746
206.15.64.0/19 3830 4200 4540
206.15.96.0/19 3561 560
206.15.128.0/19 3561 560
206.16.206.0 1740
206.16.208.0 1740
206.16.209.0 1740
206.16.210.0 1740
206.16.211.0 1740
206.16.212.0 1740
206.16.213.0 1740
206.16.214.0 1740
206.16.215.0 1740
206.16.219.0 1740
206.16.221.0 1740
206.16.222.0 1740
206.17.4.0 1740
206.17.18.0 1740
206.24.0.0/19 3561
206.24.8.0/23 3561
206.24.28.0/23 3561
206.24.32.0/19 3561
206.24.44.0 3561
206.24.64.0/19 3561
206.24.96.0/19 3561
206.24.128.0/21 3561
206.24.136.0/21 3561
206.24.152.0/21 3561
206.24.160.0/21 3561
206.24.168.0/21 3561
206.24.172.0/22 3561
206.24.176.0/21 3561
206.24.192.0/21 3561
206.24.200.0/21 3561
206.24.216.0/21 3561
206.24.224.0/21 3561
206.25.0.0/19 3561
206.25.32.0/19 3561
206.25.36.0/23 3561
206.25.64.0/20 3561
206.25.64.0/19 3561
206.25.86.0/23 3561
206.25.88.0/22 3561
206.25.92.0/23 3561
206.25.94.0 3561
206.25.96.0/19 3561
206.25.128.0/19 3561
206.25.160.0/19 3561
206.25.168.0/23 3561
206.25.182.0 3561
206.25.184.0/23 3561
206.25.192.0/19 3561
206.25.224.0/19 3561
206.25.226.0/23 3561
206.26.0.0/19 3561
206.26.10.0/23 3561
206.26.32.0/19 3561
206.26.50.0/23 3561
206.26.64.0/19 3561
206.26.96.0/23 3561 5650
206.26.96.0/19 3561
206.26.98.0/23 3561
206.26.128.0/19 3561
206.26.142.0/23 3561
206.26.160.0/19 3561
206.26.192.0/19 3561
206.26.224.0/19 3561
206.27.64.0/19 3561
206.27.96.0/19 3561
206.27.128.0/19 3561
206.27.138.0/23 3561
206.27.160.0/19 3561 4947
206.27.192.0/19 3561
206.27.206.0 3830 4991 4959
206.27.207.0 3830 4991 4959
206.27.224.0/19 3561
206.27.236.0/23 3561
206.28.0.0/19 3561
206.28.16.0/22 3561
206.28.32.0/19 3561
206.28.64.0/19 3561
206.28.96.0/19 3561
206.28.110.0/23 3561
206.28.120.0/23 3561
206.28.122.0/23 3561
206.28.128.0/19 3561
206.28.158.0 3561
206.28.160.0/19 3561
206.28.172.0/23 3561
206.28.192.0/19 3561
206.28.224.0/19 3561
206.29.0.0/23 3561
206.29.0.0/19 3561
206.29.8.0/23 3561
206.29.14.0/23 3561
206.29.24.0/23 3561
206.29.29.0 3561
206.29.32.0/23 3561
206.29.32.0/19 3561
206.29.34.0/23 3561
206.29.36.0/23 3561
206.29.39.0 3561
206.29.64.0/20 3561
206.29.64.0/19 3561
206.29.88.0/21 3561
206.29.96.0/19 3561
206.29.108.0 3561
206.29.108.0/23 3561
206.29.114.0/23 3561
206.29.128.0/19 3561
206.29.160.0/19 3561
206.29.192.0/19 3561 5650
206.29.224.0/19 3561
206.30.0.0/19 3561
206.30.32.0/21 3561
206.30.32.0/19 3561
206.30.64.0/19 3561
206.30.96.0/19 3561
206.30.128.0/20 3561
206.30.128.0/19 3561
206.30.160.0/19 3561
206.30.180.0/23 3561
206.30.192.0/19 3561
206.30.208.0/23 3561
206.30.224.0/19 3561
206.30.228.0/23 3561
206.31.0.0/19 3561
206.31.32.0/19 3561
206.31.64.0/19 3561
206.31.96.0/19 3561
206.31.110.0/23 3561
206.31.116.0/23 3561
206.31.128.0/19 3561
206.31.130.0/23 3561
206.31.160.0/19 3561
206.31.192.0/19 3561
206.31.224.0/19 3561
206.31.226.0/23 3561
206.37.1.0 568
206.37.2.0 568
206.37.13.0 568
206.40.32.0/19 3830 4200 3720
206.40.64.0/19 701 3967
206.40.160.0/20 3561 114
206.40.192.0 3830 3491 4565
206.40.192.0/19 3830 3491 4565
206.40.221.0 3830 3491 4565
206.41.0.0/19 3561
206.41.32.0/21 3561 5109
206.41.64.0/21 3830 4388 4920
206.41.96.0/21 3561
206.41.160.0/22 3830 4200
206.41.164.0 3830 4200
206.41.165.0 3830 4200
206.41.166.0 3830 4200
206.41.167.0 3830 4200
206.41.168.0/23 3830 4200
206.41.170.0 3830 4200
206.41.171.0 3830 4200
206.41.172.0 3830 4200
206.41.173.0 3830 4200
206.41.177.0 3830 4200
206.41.178.0 3830 4200
206.41.214.0/23 3561
206.41.216.0/21 3561
206.43.0.0/19 3830 4388
206.43.36.0/22 3830 4388
206.43.64.0/19 701 3838 3838 3838 3838 3838 3838 3838
206.43.96.0 3830 4388
206.43.98.0/23 3830 4388
206.43.100.0 3830 4388
206.43.104.0 3830 4388
206.43.104.0/21 3830 4388
206.43.105.0 3830 4388
206.43.106.0 3830 4388
206.43.111.0 3830 4388
206.43.112.0/20 3830 4388
206.43.176.0/21 3830 4388
206.43.182.0 3830 4388
206.43.224.0/22 3830 4388
206.53.64.0/22 3830 4200
206.53.128.0 3561
206.53.224.0/19 3561
206.54.160.0/19 3561
206.54.192.0/22 3561 2150 226
206.55.1.0 3561 6618
206.55.2.0 3561 6618
206.55.3.0 3561 6618
206.55.4.0 3561 6618
206.55.5.0 3561 6618
206.55.6.0 3561 6618
206.55.10.0 3561 6618
206.55.12.0 3561 6618
206.55.13.0 3561 6618
206.55.14.0 3561 6618
206.55.15.0 3561 6618
206.55.16.0 3561 6618
206.55.17.0 3561 6618
206.55.18.0 3561 6618
206.55.19.0 3561 6618
206.55.20.0 3561 6618
206.55.21.0 3561 6618
206.55.23.0 3561 6618
206.55.24.0 3561 6618
206.55.25.0 3561 6618
206.55.26.0 3561 6618
206.55.30.0 3561 6618
206.55.55.0 3561 6618
206.55.56.0 3561 6618
206.55.57.0 3561 6618
206.55.58.0 3561 6618
206.55.59.0 3561 6618
206.55.60.0 3561 6618
206.55.61.0 3561 6618
206.55.62.0 3561 6618
206.55.63.0 3561 6618
206.55.128.0/19 3561 2150 226
206.62.4.0/22 3830 4200
206.64.48.0 701 3791
206.64.49.0 701 3791
206.64.50.0 701 3791
206.64.52.0 701 3791
206.64.53.0 701 3791
206.64.58.0 701 3791
206.64.59.0 701 3791
206.64.60.0 701 3791
206.64.62.0 701 3791
206.64.63.0 701 3791
206.64.123.0 701 5706
206.64.128.0 701 3397
206.64.130.0 701 3397
206.64.131.0 701 3397
206.64.132.0 701 3397
206.64.134.0 701 3397
206.64.147.0 3561 114
206.64.159.0 3830 4992 3803
206.66.1.0 701 4278
206.66.2.0 701 4278
206.66.3.0 701 4278
206.66.176.0 701 4206
206.66.177.0 701 4206
206.66.192.0 701 4438
206.71.128.0/21 701
206.71.160.0/21 3561
206.71.224.0/19 3561 3674
206.72.128.0/19 701
206.72.224.0/22 3561 279
206.73.70.0 3561 2150 226 1220
206.73.71.0 3561 2150 226 1220
206.73.72.0/22 3561 2150 226 1220
206.73.76.0/23 3561 2150 226 1220
206.73.78.0 3561 2150 226 1220
206.75.4.0 3561 577 542
206.75.6.0 3561 577 542
206.75.7.0 3561 577 542
206.75.19.0 690 1331 1684
206.75.224.0 3561 577 542
206.75.225.0 3561 577 542
206.75.250.0 690 1331 1684
206.80.0.0/19 3830 4447
206.80.64.0 1740
206.80.65.0 1740
206.80.66.0 1740
206.80.67.0 1740
206.80.68.0 1740
206.80.69.0 1740
206.80.70.0 1740
206.80.71.0 1740
206.80.224.0/21 701
206.81.224.0/19 701 4232
206.96.0.0/19 3561
206.96.32.0/19 3561
206.96.64.0/19 3561
206.96.96.0/23 3561
206.96.96.0/19 3561
206.96.104.0/22 3561
206.96.128.0/19 3561
206.96.160.0/21 3561
206.96.160.0/19 3561
206.96.192.0/19 3561
206.96.224.0/19 3561
206.97.0.0/19 3561
206.97.32.0/19 3561
206.97.64.0/20 3561
206.97.64.0/19 3561
206.97.96.0/19 3561
206.97.128.0/19 3561
206.97.160.0/19 3561
206.97.192.0/19 3561
206.97.224.0/19 3561
206.98.0.0/19 3561
206.98.32.0/23 3561
206.98.32.0/19 3561
206.98.64.0/19 3561
206.98.96.0/19 3561
206.98.128.0/19 3561
206.98.160.0/19 3561
206.98.192.0/19 3561
206.98.224.0/19 3561
206.99.0.0/19 3561
206.99.32.0/19 3561
206.99.64.0/19 3561
206.99.90.0 3561
206.99.96.0/19 3561
206.99.128.0/19 3561
206.99.160.0/19 3561
206.99.192.0/19 3561
206.99.224.0/19 3561
206.100.0.0/19 3561
206.100.32.0/19 3561
206.112.32.0/19 701 5053
206.116.1.0 3561 2493
206.116.4.0 3561 2493
206.116.5.0 3561 2493
206.116.6.0 3561 2493
206.116.10.0 3561 2493
206.116.11.0 3561 2493
206.128.23.0 701 3791
206.139.72.0/23 3561
206.195.64.0/19 3561 3909
206.196.0.0/20 3561
206.196.32.0/20 3830 4991
206.196.64.0/20 3561
206.196.96.0/20 3561 4205
206.196.160.0/19 690 2548
206.197.2.0 701
206.197.19.0 3561
206.197.51.0 701
206.197.68.0 690 1332
206.197.95.0 3830 3491 3739
206.197.101.0 86 225
206.197.103.0 3830 4992
206.197.133.0 3830 4992
206.197.138.0 1740
206.197.143.0 3561
206.197.184.0 3830 4994
206.197.204.0 701 2927
206.201.192.0/20 701
206.209.176.0/21 3561
206.209.183.0 3561
206.209.184.0/22 3561
206.209.188.0/23 3561
Current thread:
- filtering long prefixes Sean Doran (Sep 21)
- Re: filtering long prefixes Geert Jan de Groot (Sep 21)
- filtering long prefixes Mark Kent (Sep 21)
- Re: filtering long prefixes Hans-Werner Braun (Sep 21)
- Re: filtering long prefixes Nick Williams (Sep 21)
- Re: filtering long prefixes John Bradley (Sep 21)
- <Possible follow-ups>
- Re: filtering long prefixes Sean Doran (Sep 21)
- Re: filtering long prefixes Sean Doran (Sep 21)
- Re: filtering long prefixes Willi Huber (Sep 26)
- Re: filtering long prefixes Sean Doran (Sep 21)
- filtering long prefixes Mark Kent (Sep 21)
(Thread continues...)