nanog mailing list archives

Re: New Draft Document: De-boganising New Address Blocks


From: Timothy Brown <tim () tux org>
Date: Tue, 24 Feb 2004 22:28:51 -0500


Completewhois bogon ip lists provide data on ip blocks that are not allocated
by RIRs to ISPs (rather than just list of /8 blocks not allocated by IANA 
to RIRs as for example cymru does). The list can be used for anti-spam 
filtering through dns using rbl-like feed at
 bogons.dnsiplists.completewhois.com

As you say, you could use your "bogon ip lists" DNS feed for anti-spam
purposes, but that wasn't the original subject of this discussion and has
no relevance here.  With regards to using your lists for the filtering of
invalid space, your own service has been proven to be little more than 
unreliable and incorrect in the case of the hijacked IP blocks.   Most 
people appear to trust the Cymru effort for this data.   I think tracking 
the blocks that are allocated by RIRs to ISPs is a little unwieldy at 
this time, and I'd rather not trust a third party source of this data 
without some verifiability, which to date, you have not been proven 
capable of.  Even the RIRs have accuracy problems.

Uh, bogon route server, hello?

http://www.cymru.com/BGP/bogon-rs.html
Unfortunately this is kind-of a bgp hack and as has been already mentioned 
it needs very careful implementation and if not done right it leads to 
leaks like we saw in today's "168.0.0.0/6" thread on nanog-l. 

I disagree with the view that it is a hack.  It's no more a hack
than using a DNS feed; as with any solution, everything depends on your
cluefulness during implementation and your awareness of what you're doing
to your network.  

The reality is that I agree with you when it comes to more features from 
vendors in order to support involved external filtering changes,
but the practical side shows that the way to do this today is via a prefix
update via the routing protocol, unless you go the route of other providers 
who have implemented a strict regime for the management of configurations and
their nightly updates.  Then again, we can debate functions of the control 
plane and the desire to reduce reliance on external systems in a routing 
product.

Tim

