North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Draft Document: De-boganising New Address Blocks

  • From: Timothy Brown
  • Date: Tue Feb 24 22:31:39 2004

> Completewhois bogon ip lists provide data on ip blocks that are not allocated
> by RIRs to ISPs (rather then just list of /8 blocks not allocated by IANA 
> to RIRs as for example cymru does). The list can be used for anti-spam 
> filtering through dns using rbl-like feed at

As you say, you could use your "bogon ip lists" DNS feed for anti-spam
purposes, but that wasn't the original subject of this discussion and has
no relevance here.  With regards to using your lists for the filtering of
invalid space, your own service has been proven to be little more than 
unreliable and incorrect in the case of the hijacked IP blocks.   Most 
people appear to trust the Cymru effort for this data.   I think tracking 
the blocks that are allocated by RIRs to ISPs is a little unwieldy at 
this time, and i'd rather not trust a third party source of this data 
without some verifiability, which to date, you have not been proven 
capable of.  Even the RIRs have accuracy problems.

> > Uh, bogon route server, hello?
> > 
> >
> Unfortunetly this is kind-of a bgp hack and as has been already mentioned 
> it needs very carefull implemention and if not done right it leads to 
> leaks like we saw in the today's "" thread on nanog-l. 

I disagree with the view that it is a hack.  It's no more a hack
than using a DNS feed; as with any solution, everything depends on your
cluefulness during implementation and your awareness of what you're doing
to your network.  

The reality is that I agree with you when it comes to more features from 
vendors in order to support involved external filtering changes,
but the practical side shows that the way to do this today is via a prefix
update via the routing protocol,  unless you go the route of other providers 
who have implemented a strict regime for the management of configuations and
their nightly updates.  Then again, we can debate functions of the control 
plane and the desire to reduce reliance on external systems in a routing