|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New Draft Document: De-boganising New Address Blocks
> Completewhois bogon ip lists provide data on ip blocks that are not allocated > by RIRs to ISPs (rather then just list of /8 blocks not allocated by IANA > to RIRs as for example cymru does). The list can be used for anti-spam > filtering through dns using rbl-like feed at > bogons.dnsiplists.completewhois.com As you say, you could use your "bogon ip lists" DNS feed for anti-spam purposes, but that wasn't the original subject of this discussion and has no relevance here. With regards to using your lists for the filtering of invalid space, your own service has been proven to be little more than unreliable and incorrect in the case of the hijacked IP blocks. Most people appear to trust the Cymru effort for this data. I think tracking the blocks that are allocated by RIRs to ISPs is a little unwieldy at this time, and i'd rather not trust a third party source of this data without some verifiability, which to date, you have not been proven capable of. Even the RIRs have accuracy problems. > > Uh, bogon route server, hello? > > > > http://www.cymru.com/BGP/bogon-rs.html > Unfortunetly this is kind-of a bgp hack and as has been already mentioned > it needs very carefull implemention and if not done right it leads to > leaks like we saw in the today's "168.0.0.0/6" thread on nanog-l. I disagree with the view that it is a hack. It's no more a hack than using a DNS feed; as with any solution, everything depends on your cluefulness during implementation and your awareness of what you're doing to your network. The reality is that I agree with you when it comes to more features from vendors in order to support involved external filtering changes, but the practical side shows that the way to do this today is via a prefix update via the routing protocol, unless you go the route of other providers who have implemented a strict regime for the management of configuations and their nightly updates. Then again, we can debate functions of the control plane and the desire to reduce reliance on external systems in a routing product. Tim
|