North American Network Operators Group

Re: 69/8...this sucks

  • From: Stephen J. Wilcox
  • Date: Tue Mar 11 05:58:56 2003

On Mon, 10 Mar 2003, Owen DeLong wrote:

> It seems to me that it would be relatively simple to solve this problem by
> doing the following:
> 
> 1.	ICANN (or an ICANN designee, such as ARIN) shall issue an ASN range
> 	of 20 ASNs to be used as BOGON-ORIGINATE.

Why not just one or private/reserved?

> 2.	Each RIR should operate one or more routers with an open peering
> 	policy which will perform the following functions:
> 
> 	A.	Advertise all unissued space allocated to the RIR as
> 		originating from an ASN allocated to <RIR>-BOGON.
> 
> 	B.	Peer with the corresponding routers at each of the other
> 		RIRs and accept and readvertise their BOGON list through
> 		BGP.
> 
> 	C.	Provide a full BOGON feed to any router that chooses to
> 		peer, but not accept any routes or non-BGP traffic from
> 		those routers.

Of course, configure it wrong and you would end up sending all the junk that you 
would have null routed to your RIR. Sounds messy.

What's more, I can see potential whenever we start creating these kinds of
self-propagating blackholes for hackers to introduce genuine address blocks to
create a DDoS.

> 
> 
> 3.	Any provider which wishes to filter BOGONs could peer with the
> 	closest one or two of these and set up route maps that modify
> 	the next-hop for all BOGONs to be an address which is statically
> 	routed to NULL0 on each of their routers.

How many eBGP sessions do the RIRs need to maintain?? A lot.. and the
maintenance would be a nightmare. Don't think this will work purely because of
that overhead you create!!

Steve

> Apologies if this has been discussed before, but, it seems to me that this
> is the easiest way to make the data readily available to the community
> directly from the maintainers of the databases in a fashion which is
> automatically up to date.

There are other ways that don't use BGP peering to create lists that are more
suitable.

Steve
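
Added example, not part of the original message or of any RIR tooling: a sketch of how a provider consuming such a feed could vet it before null-routing anything, so that a stale entry, a misconfiguration, or an injected genuine block is refused. The origin ASNs, the protected list, and the sample feed are constructed assumptions; 69.0.0.0/8 is taken from the thread subject as a block that is in use.

```python
import ipaddress

# Hypothetical origin ASNs standing in for the proposed BOGON-ORIGINATE range
# (private-use ASNs chosen for illustration only).
EXPECTED_BOGON_ASNS = {64512, 64513, 64514}

# Constructed list of space this network must never blackhole: allocated
# blocks plus its own and customer prefixes (192.0.2.0/24 is a stand-in).
PROTECTED = [ipaddress.ip_network(p) for p in ("69.0.0.0/8", "192.0.2.0/24")]

# Constructed sample feed: (prefix, origin ASN) pairs as learned from the peer.
SAMPLE_FEED = [
    ("10.0.0.0/8", 64512),      # plausible bogon
    ("69.0.0.0/8", 64512),      # stale entry for a block now in use
    ("69.64.0.0/16", 64513),    # more-specific inside allocated space
    ("192.0.2.0/24", 64999),    # origin outside the expected ASN set
    ("0.0.0.0/0", 64512),       # default route would blackhole everything
    ("10.1.1.1/8", 64512),      # host bits set: malformed
    ("172.16.0.0/12", 64514),   # plausible bogon
]


def vet_bogon_feed(routes, protected=PROTECTED, asns=EXPECTED_BOGON_ASNS):
    """Return (accepted, rejected) for feed routes before they are null-routed.

    accepted: list of ip_network objects safe to point at the discard next-hop.
    rejected: list of (prefix, origin, reason) tuples to log and alert on.
    """
    accepted, rejected = [], []
    for prefix, origin in routes:
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            rejected.append((prefix, origin, "malformed prefix"))
            continue
        if origin not in asns:
            rejected.append((prefix, origin, "unexpected origin ASN"))
            continue
        # Any overlap counts: a covering route or a more-specific both
        # blackhole traffic for space that must stay reachable.
        clash = next((p for p in protected
                      if p.version == net.version and net.overlaps(p)), None)
        if clash is not None:
            rejected.append((prefix, origin, f"overlaps protected {clash}"))
            continue
        accepted.append(net)
    return accepted, rejected
```

A non-empty rejected list is worth alerting on rather than silently dropping, since it means the feed disagrees with what the network knows to be live space.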