nanog mailing list archives

Re: "Tactical" /24 announcements


From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Sat, 14 Aug 2021 00:34:54 +0200

On Fri, Aug 13, 2021 at 10:53 PM Amir Herzberg <amir.lists () gmail com> wrote:


> I think it isn't the same.


I am still not sure but maybe I misunderstood what you originally said. It
is probably not important.


> I think that the NANOG (or in general, operators) community may do well to
> state the `/24 rule' clearly in a BCP, preferably an RFC. A mismatch in the
> most-specific rule can definitely allow different problems (and attacks).
> As mentioned above, RIPE has essentially done this (although could be more
> explicit). I've seen a similar /48 rule for IPv6, btw.


I am not sure how big a problem this is. We only had this one case that I
described and it was easily fixed by allowing that one prefix from our
transit. The peer also offered to fix their announcement. But we did not
run with it for very long because we only reduced our routing table to
debug a different problem.

Maybe we could have a community or other mechanism to mark the few routes
that cannot be dropped in exchange for a default route.

For all the stub networks out there we should be able to aggressively
filter routes without much harm.

Regards,

Baldur
