nanog mailing list archives

Re: ipv6 bogon / martian filter - simple


From: Jeroen Massar <jeroen () unfix org>
Date: Tue, 15 Jun 2010 09:02:45 +0200

On 2010-06-15 01:37, Brandon Applegate wrote:
> I mean really simple.  Like 2000::/3.  If it's not in there it's bogon,
> yes ?

At the current time and hopefully for the next 20 years at least yes ;)

> What I'm really asking, is for folks' thoughts on using this - is it too
> restrictive ?

You should be fine for the lifetime of your job plus several other
years. Like any configuration you need to document it and the reasoning
behind it and if possible flag it in a way that people will re-examine
it in time.

google(ipv6 filter) if you want a set of filters which are tighter than
that and actually there is another keyword that you should be using:

RPSL

See RFC2622/2650; there are various tools that can provide you with
filters based on that data. Please also tell your
customers/peers/transits to use it, many already do and it is the proper
way to do filtering on your network.

As for routes that are not in the RPSL databases, make a local registry
with them and just feed your tools from it, kicking the folks to put
them in RPSL though is a better method ;)

Greets,
 Jeroen
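
An added example, not part of the original message: a sketch of the "inside 2000::/3 or it's a bogon" test from the thread, applied to constructed route prefixes. The `TIGHTER_REJECTS` table and the function name are assumptions made for illustration; the table lists two special-purpose blocks that sit inside 2000::/3 and therefore pass the simple filter, which is why tighter filter sets exist.

```python
import ipaddress

# The single permit from the thread: global unicast space.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Assumption: illustrative, not exhaustive. Special-purpose blocks that lie
# inside 2000::/3, so the simple filter alone lets them through.
TIGHTER_REJECTS = {
    "2001:db8::/32": "documentation (RFC 3849)",
    "2002::/16": "6to4 (RFC 3056)",
}

def classify(prefix):
    """Return the simple filter's verdict for one announced prefix."""
    try:
        net = ipaddress.ip_network(prefix)  # strict: host bits must be zero
    except ValueError:
        return "reject: malformed"
    # subnet_of() is true only when the route lies wholly inside 2000::/3,
    # so covering routes such as ::/0 or ::/1 are rejected as well.
    if net.version != 6 or not net.subnet_of(GLOBAL_UNICAST):
        return "reject: outside 2000::/3"
    for block, why in TIGHTER_REJECTS.items():
        if net.subnet_of(ipaddress.ip_network(block)):
            return "accept (simple), but " + why
    return "accept"

# Constructed sample announcements, not taken from any real routing table.
SAMPLE_ROUTES = [
    "2400:1234::/32",       # ordinary global unicast
    "::/0",                 # default route, covers more than 2000::/3
    "::/1",                 # supernet that contains 2000::/3
    "4000::/3",             # unallocated, outside
    "fc00::/7",             # unique local
    "fe80::/10",            # link-local
    "ff00::/8",             # multicast
    "2001:db8:1234::/48",   # documentation space, inside 2000::/3
    "2002:c000:204::/48",   # 6to4, inside 2000::/3
    "2001:db8::1/32",       # host bits set
]

if __name__ == "__main__":
    for route in SAMPLE_ROUTES:
        print(f"{route:22} {classify(route)}")
```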

