North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Bogon filtering (don't ban me)

  • From: Iljitsch van Beijnum
  • Date: Sun Dec 05 20:10:02 2004

On 5-dec-04, at 22:06, Cliff Albert wrote:

So filtering at the /8 level as in the document linked above isn't really going to buy you much in practice.

/8 le /32 still stands for /8 and more-specifics as I remember ? :)
You don't say... What will they come up with next??

My point is that if there is even a small part of a /8 in use, then the /8 isn't in the bogon list. For instance, 191.0.0.0/8 isn't there, although AFAIK this space isn't used, it's just that 191.255.0.0/16 is "reserved".

Secondly not everything is about security but also about keeping routing
tables clean and useful, as more people noticed today.
If only we could...

Filtering bogons away is just an extra step in making sure that you
transport real traffic instead of bogus traffic of which you are 100%
sure that it's *useless* traffic. uRPF will fix it for your own network,
Right. So there is no need to use bogon lists.

but filtering bogon routes away in BGP will also make your downstream
a happier place.
You are assuming that there are significant bogon routes in the routing table. I'm sure there is bad stuff in the global routing table from time to time that Rob's bogon list will catch, but I seriously doubt it's very much. Injecting bogon routes so you can get past uRPF doesn't make sense (except maybe for the first hop AS) and for any other (ab)use such as spamming selecting something that isn't as obvious is much more useful.

(In any case, ISPs accepting bogon routes from their customers is completely unacceptable. Filtering routes from peers isn't always feasible, and even lack of source address filtering on ingress from customers can be excusable at times, but filtering BGP advertisements from customers is every ISP's sacred duty.)

The only argument from you I have seen against bogon filtering is the
fact that the lists aren't updated by certain parties.
I've never felt that it's useful. So one argument against is more than sufficient.

However, allow me to contradict myself by taking the position that it's better for us network operators to do bogon filtering so our customers don't have to, rather than have any fool with an ipfw or similar shoot himself in the foot. The preferred way to do this would be uRPF.