Re: bogus BGP announcements - some thoughts for relief
- Date: Mon, 19 Jun 2000 18:48:04 +1000
Hi Kurt,
At 22:05 16/06/00 +0200, Kurt Kayser wrote:
Hi,
I'm trying to get rid of the section called
'Advertised IANA Reserved Addresses' in the
'RIPE NCC Region Weekly Routing Report'.
<snip>
If we want to try to get some of this stuff out of the backbone and even
decrease some (unnecessary) BGP-traffic, why not publish an 'ingress
BGP-filterlist' that is endorsed by the RIPE-wg, RIPE or the community at
large?
How about http://www.ietf.org/internet-drafts/draft-manning-dsua-03.txt
which is a very good start for a list which should be applied on all
external BGP peerings (inbound and outbound). A draft I would certainly
like to see as a BCP RFC.... Maybe this working group could consider
something like this as a recommendation to "the community", like RIPE-210
flap dampening parameters?
What it basically does is:
1. Reject illegal prefixes (127/8, 0/0, RFC1918, etc.)
2. Log originators (if wanted)
3. Decrease SPAM-complaints
4. Prevent abuse
It's low on CPU (it's no IP filter-list!), just a BGP-ingress filter.
I could post a Cisco prefix-filter list based on Bill Manning's draft, if
that would help. It would certainly help with 1 and 2.
It may also be a service if ISPs with Cisco routers could apply "bgp neigh
<x> remove-private-AS" on eBGP peerings so that origin private ASes
(>64511) aren't leaked to the Internet.
I have even added some prefix-length filter, but this is another topic,
and depends on your upstream's policy. (I just can't stand /32s in the
table!).
Some ISPs go as far as filtering on the regional registries' minimum
allocation sizes, and the unused former A space. However, I think this
needs a little more diligence in following changes in registry policy
(APNIC recently moved from /19 to /20), any address space returned to the
common pool, and any new /8s being allocated to registries for distribution
purposes.
Happily the announcements are much cleaner this week (certainly from the
view used in producing the weekly routing reports). This morning I only saw
the attached.
philip
--
List of Illegal AS's (Global)
-----------------------------
Bad AS  Designation  Network           Transit AS  Description
64602   PRIVATE      63.236.57.0/24    209         Qwest
64601   PRIVATE      63.236.90.0/24    209         Qwest
64513   PRIVATE      200.12.17.0/24    6471        ENTEL CHILE S.A.
65014   PRIVATE      208.185.113.0/24  6461        AboveNet Communicati

Advertised IANA Reserved Addresses
----------------------------------
Network          Origin AS  Description
39.96.40.224/30  14408      iCAIR
65.56.64.0/21    2941       Community News Service
--------------------------------------------------------
Philip Smith ph: +61 7 3238 8200
Consulting Engineering, Office of the CTO, Cisco Systems
--------------------------------------------------------
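
The checks discussed in this thread (reject the named illegal prefixes, log the originator, flag private ASes and over-long prefixes), sketched as an added example that is not part of the original message or of any router configuration. The function names, the /24 length limit, the 65535 upper bound on private ASes, and the AS-path layout of the sample routes are assumptions made for illustration.

```python
import ipaddress

# Illegal prefixes named in the message; any more-specific is rejected too.
BOGONS = [ipaddress.ip_network(p) for p in
          ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")  # matched exactly, not as a covering prefix
PRIVATE_AS = range(64512, 65536)  # "> 64511"; upper bound is an assumption (16-bit ASNs)
MAX_PREFIX_LEN = 24               # assumption: local policy, not taken from the message

def check_route(prefix, as_path, max_len=MAX_PREFIX_LEN):
    """Return the reasons to reject an inbound eBGP route; empty list means accept."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return ["malformed prefix"]
    if net.version != 4:
        return ["not an IPv4 prefix"]
    reasons = []
    if net == DEFAULT_ROUTE:
        reasons.append("default route")
    reasons += [f"inside {b}" for b in BOGONS if net.subnet_of(b)]
    if net.prefixlen > max_len:
        reasons.append(f"longer than /{max_len}")
    private = [asn for asn in as_path if asn in PRIVATE_AS]
    if private:
        reasons.append("private AS in path: " + ",".join(map(str, private)))
    return reasons

def rejected_routes(routes):
    """Map each rejected prefix to (originating AS, reasons) so originators can be logged."""
    log = {}
    for prefix, as_path in routes:
        reasons = check_route(prefix, as_path)
        if reasons:
            log[prefix] = (as_path[-1] if as_path else None, reasons)
    return log

# First two rows come from the report in the message (path = transit AS, bad AS);
# the rest are constructed samples using documentation prefixes and AS 64496.
SAMPLE_ROUTES = [
    ("63.236.57.0/24", [209, 64602]),
    ("200.12.17.0/24", [6471, 64513]),
    ("10.1.0.0/16", [64496]),
    ("0.0.0.0/0", [64496]),
    ("192.0.2.1/32", [64496]),
    ("198.51.100.0/24", [64496]),
]

if __name__ == "__main__":
    for prefix, (origin, reasons) in rejected_routes(SAMPLE_ROUTES).items():
        print(f"reject {prefix} origin AS{origin}: {'; '.join(reasons)}")
```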