North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Bogon filtering (don't ban me)

  • From: Michael.Dillon
  • Date: Mon Dec 06 06:34:27 2004

> The whole point that started this discussion is that bogon filtering is 
> HARMFUL a good part of the time. 

This may be so, but there are things that you
can do with an up to date bogon feed other
than filtering. That's why I suggested that
BGP may not be the best form for the feed but
for some reason LDAP is feared by people who
don't run mailservers or large LANs.

For instance, if you reflect all incoming
BGP announcements into a management system
then that system could compare them with 
an up-to-date bogin feed and alert the ops
staff when questionable announcements are
seen. Or it could trigger additional data
collection to be used in network forensics.

The point is that the bogon feed doesn't
need to be hooked directly into your routers.
This is what Patrick Gilmore does, i.e.
he takes the bogon feed into a managenment
system, generates an ACL and then periodically
applies the ACL to his routers. Presumably
that ACL gets checked by a clueful person
before it goes out.

Perhaps what we really need here is a BCP
document that describes the ways in which
a bogon feed can be integrated into network
operations. If you do RPF, then maybe it's not
needed for blocking traffic but you still
might like to know who is trying to announce
these bogon blocks to you.

--Michael Dillon