nanog mailing list archives
Re: Time to add 2002::/16 to bogon filters?
From: Wes George <wesgeorge () puck nether net>
Date: Tue, 19 Jun 2018 14:16:15 -0400
On 6/18/18 7:34 PM, Mark Andrews wrote:
If a ASN is announcing 2002::/16 then they are are happy to get the traffic. It they don’t want it all they have to do is withdraw the prefix. It is not up to the rest of us to second guess their decision to keep providing support.
WG] I don't think that this is intentional in most cases anymore. It's most likely legacy cruft/zombie services. Because it mostly operates unattended and the few that are still using it probably don't notice when it breaks nor can they figure out to whom they should complain because anycast makes that nearly impossible, it continues operating quietly in the dusty and disused corners of the net below a sign saying "beware of the leopard" until the equipment gets retired or dies of old age. Also this argument would carry more weight if it hadn't already been had and concluded with RFC7526, and if it wasn't completely disabled on MS products now: https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-1803-removed-features#features-were-no-longer-developing
If you filter 2002::/16 then you are performing a denial-of-service attack on the few sites that are still using it DELIBERATELY.
WG] As opposed to the unintentional denial-of-service attacks that happen all the time because of the inherent flaws in the implementation and the low importance people place on first-class deployments of this service? Sites that are still using it deliberately should have found a more reliable solution years ago, even if it's a statically-provisioned GRE or 6in4 tunnel. Plenty of tunnel brokers out there to facilitate this if native IPv6 still isn't available. Keeping this around past its sell-by date is simply enabling bad behavior and a bad user experience for IPv6. Wes George
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Time to add 2002::/16 to bogon filters?, (continued)
- Re: Time to add 2002::/16 to bogon filters? Mark Andrews (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? Ca By (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? Mark Andrews (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? Ca By (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? Harald Koch (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? Jared Mauch (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? j k (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? joel jaeggli (Jun 18)
- Re: Time to add 2002::/16 to bogon filters? Tony Finch (Jun 19)
- Re: Time to add 2002::/16 to bogon filters? Niels Bakker (Jun 19)
- Re: Time to add 2002::/16 to bogon filters? Wes George (Jun 19)
- Re: Time to add 2002::/16 to bogon filters? Mark Andrews (Jun 19)
- Re: Time to add 2002::/16 to bogon filters? Jared Mauch (Jun 19)