nanog mailing list archives
RE: 69/8...this sucks
From: "Frank Scalzo" <frank.scalzo () amerinex net>
Date: Mon, 10 Mar 2003 21:25:39 -0500
We don't need the administrative headache of ICANN/ARIN/RIRs on this. Someone could just do it with a private ASN and advertise the route with an arbitrarily null routed next-hop.

That doesn't solve the problem of bad filters on firewalls. The problem is lots of books/webpages/templates/etc. say filter bogons. People not smart enough to understand the responsibilities of doing so implement it and forget it. Instead of trying to beat up on the large numbers of people who lack sufficient clue, why isn't the pressure turned to the authors that are irresponsibly and blindly recommending the widespread use of these filters? I would think we would have more success targeting the people authoring this stuff. There are at most hundreds of authors. There are at least thousands of twits...

Funny the media gets all excited about BGP security and DDoS attacks against a root nameserver yet no one ever seems to mention the real scalability issues like that we can't allocate large parts of the net because many network operators aren't bright enough to update filters.

Frank

-----Original Message-----
From: Owen DeLong [mailto:owen () delong com]
Sent: Monday, March 10, 2003 8:16 PM
To: nanog () merit edu
Subject: Re: 69/8...this sucks

OK... I'm late to this discussion (been mostly ignoring it due to volume in other places), but, Sean's 911->855 mail makes me wonder...

It seems to me that it would be relatively simple to solve this problem by doing the following:

1. ICANN (or an ICANN designee, such as ARIN) shall issue an ASN range of 20 ASNs to be used as BOGON-ORIGINATE.

2. Each RIR should operate one or more routers with an open peering policy which will perform the following functions:

   A. Advertise all unissued space allocated to the RIR as originating from an ASN allocated to <RIR>-BOGON.

   B. Peer with the corresponding routers at each of the other RIRs and accept and readvertise their BOGON list through BGP.

   C. Provide a full BOGON feed to any router that chooses to peer, but not accept any routes or non-BGP traffic from those routers.

3. Any provider which wishes to filter BOGONs could peer with the closest one or two of these and set up route maps that modify the next-hop for all BOGONs to be an address which is statically routed to NULL0 on each of their routers.

Apologies if this has been discussed before, but, it seems to me that this is the easiest way to make the data readily available to the community directly from the maintainers of the databases in a fashion which is automatically up to date.

Owen
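
The stale-filter problem discussed in this thread can be checked for mechanically. The following is an added example, not code from either poster: it parses a static bogon ACL and reports deny entries that cover space which has since been allocated. The ACL text, the allocated list and the function names are constructed for illustration; only 69/8 comes from the thread.

```python
import ipaddress
import re

# Constructed sample: a static "bogon" ACL of the kind copied from a template.
SAMPLE_ACL = """\
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 68.0.0.0 1.255.255.255 any
access-list 110 deny ip 69.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 permit ip any any
"""

# Constructed sample: blocks no longer unallocated (69/8 is the case in this thread).
SAMPLE_ALLOCATED = ["69.0.0.0/8"]

DENY_RE = re.compile(r"^access-list\s+\d+\s+deny\s+ip\s+(\S+)\s+(\S+)\s+any\s*$")


def wildcard_to_network(addr, wildcard):
    """Convert an address / wildcard-mask pair into an IPv4Network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must form one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)


def stale_entries(acl_text, allocated):
    """Return (acl_line, allocated_block) pairs where a deny covers allocated space."""
    blocks = [ipaddress.ip_network(b) for b in allocated]
    hits = []
    for line in acl_text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue  # permits and other statements are not bogon denies
        denied = wildcard_to_network(*m.groups())
        # overlaps() also catches a wider deny (here a /7) that swallows the block
        hits.extend((line.strip(), str(b)) for b in blocks if denied.overlaps(b))
    return hits


if __name__ == "__main__":
    for acl_line, block in stale_entries(SAMPLE_ACL, SAMPLE_ALLOCATED):
        print(f"STALE: '{acl_line}' blocks allocated {block}")
```
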