filtering long prefixes

• Previous message (by thread): CERT Advisory CA-95:11 - Sun Sendmail -oR Vulnerability
• Next message (by thread): filtering long prefixes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was talking to a set of customers of ours today,
some of whom were dealing with some long prefixes
which were being heard originating within SprintLink
and propagating to MCI.

This caused me to audit how well our edge filtering
was working, and to spend some time reworking the
filters that match long prefixes.

I shall post the text of the filter here tomorrowishly so
that everyone can look at how gross it is, comments-and-all.
Meanwhile, however, it seems correctly to implement this
policy, which is now many months old:

	reject BGP announcements which:

	-- are an old-style classful A network with a 
	   mask longer than 8 bits
		except for exp39, 39.0.0.0/8, where we
		allow prefixes to be up to 24 bits long
		and the two operational IBM prefixes:
		9.20.0.0/18 and 9.2.0.0/16.
	-- are an old-style classful B network with a 
	   mask longer than 16 bits
	-- are in the range of 206.0.0.0/8 to 239.0.0.0/8
	   with a mask longer than 18 bits
	-- has a mask longer than 24 bits

	[RSN we will also reject RFC1597 prefixes in
	 this list; currently another mechanism is
	 used to avoid hearing RFC1597 prefixes.]
	
Note that we accept prefixes in the range of 192.0.0.0/8 - 205.0.0.0/8
(known cordially as The Swamp) as long as the prefix is at
least 24 bits long.

Also, this is not cast in concrete; there was some discussion
of possibly allowing /19s at some point, and also some
discussion about attacking the top several octets of The Swamp, 
by allowing only /23s or shorter.

There has also been some talk about relaxing the maximum
mask length on 1.0.0.0/8 - 126.0.0.0/8 to something a bit
longer.  

I suspect all of this will be revisited at intervals,
however, I believe that the consensus at the NANOG in
Pittsburgh was that it'd be a good idea to post things
like this here.

Also, I note that we currently are not applying this list
*outbound* or against customer BGP sessions.  The reason for
this is quite simple -- call it a (very) small incentive for
other folks we peer with to apply the same kind of inbound
filter against very long prefixes.

I will admit that this is more a case of oversight than
direct engineering terrorism, however, at some point we
certainly will begin stopping the announcement of this
type of long prefix to our external peers, and in the mean
time it's useful to know that there really are people
out there who notice /32s and the like floating around,
and who complain about them.   That's a good thing.

Personally, I'd be grateful if people *did* toss long
prefixes gotten from SprintLink (and elsewhere), so
long as they tell people about it.

Penultimately, this filter is currently deployed at all
of SprintLink's edges, but not within ICM AS 1800.
This is principally to allow for differential comparisons
between what long prefixes the two networks see over the
next short while.  That makes it easier to see what we're
filtering out on the SprintLink side, in hopes of catching
botches and spending a couple of days firing off email
to people responsible for announcing long prefixes,
explaining why they should stop.

Finally, the list of the prefixes affected by the filter,
obtained by differential comparison between SL and ICM, is
below.  The classful subnets were noted in CIDRD; the stuff
in 206/8 is of some interest to the very-newly-connected
(connected, in fact, by people who probably didn't warn
their customers of the very very very old announcements I
made here and on CIDRD about precisely this filtering on
206/8, on 13 April, 23 June, 24 August, and other dates, and
at NANOGs and IETFs galore) are interesting: many (more than
120) are covered by idempotent less-specific aggregates
anyway, and others seem to be easily aggregatable, or 
just don't seem to go anywhere yet.

	Sean.
- --
Sean Doran <smd at sprint.net>

- -- cut here ----
[subnets of classful A space, classful B space, and all >/24s]
[ prefix  as-path ]
129.40.43.0/24		690	2685
129.40.202.0/24		690	2685
129.159.147.0/24	1755	2874
129.159.148.0/24	1755	2874
131.115.186.0/24	1755	3300
131.115.187.0/24	1755	3300
131.115.188.0/24	1755	3300
131.116.136.0/26	1755	3300
131.116.136.64/26	1755	3300
131.116.136.128/26	1755	3300
131.116.153.64/26	1755	3300
132.174.100.0/24	690	1325	4373
139.92.1.0/24		1804	1128	1275
145.17.100.0/24		1801	786	1849
147.186.219.64/26	1755	2874
148.185.45.0/24		1801	786	1849
148.252.1.0/24		1801	786	1849
149.212.64.0/23		1755	1759	544
151.185.100.0/22	3561
151.185.104.0/22	3561
151.185.108.0/23	3561
151.185.110.0/24	3561
152.129.186.0/24	3561	4478
155.140.123.0/24	1801	786	1849
159.24.7.64/26		3561	4286
159.189.128.0/19	3561	279	2048	{33035}
160.8.106.0/24		1755	2874
160.8.110.0/23		1755	2874
161.52.192.0/19		1653	2843	2845
164.9.190.0/31		1755	3300
164.9.194.0/31		1755	3300
164.9.196.0/24		1755	3300
166.38.40.0/24		3561
166.147.0.0/18		3561
166.147.192.0/18	3561
166.150.0.0/18		3561
166.150.64.0/18		3561
166.150.128.0/18	3561
166.150.192.0/18	3561
166.151.0.0/18		3561
166.151.64.0/18		3561
166.151.128.0/18	3561
166.151.192.0/18	3561
167.170.7.0/24		1755	3300	3302	3313
170.194.51.0/24		1801	786	1849
171.25.128.0/20		1755	3300
171.25.144.0/21		1755	3300
192.108.149.128/26	1804	1128	2605	1902	1922
193.172.1.192/27	1804	1128	2043
194.45.40.161/32	1755	517
194.45.120.0/26		1755	517
194.45.120.64/26	1755	517
194.45.120.128/26	1755	517
194.45.121.0/28		1755	517
194.45.121.128/28	1755	517
194.45.121.192/28	1755	517
194.45.236.64/28	1755	517
194.45.236.80/28	1755	517
198.226.1.80/28		3561
- --
[206/8	more-specifics]
[ prefix  as-path ]
206.12.1.0		3561	577	271
206.12.2.0		3561	577	271
206.12.8.0		3561	577	271
206.12.10.0		3561	577	271
206.12.11.0		3561	577	271
206.12.15.0		3561	577	271
206.12.16.0		3561	577	271
206.12.17.0		3561	577	271
206.12.18.0		3561	577	271
206.12.19.0		3561	577	271
206.12.20.0		3561	577	271
206.12.21.0		3561	577	271
206.12.22.0		3561	577	271
206.12.23.0		3561	577	271
206.12.24.0		3561	577	271
206.12.25.0		3561	577	271
206.12.26.0		3561	577	271
206.12.32.0		3561	577	271
206.12.33.0		3561	577	271
206.12.34.0		3561	577	271
206.12.35.0		3561	577	271
206.12.36.0		3561	577	271
206.12.37.0		3561	577	271
206.12.38.0		3561	577	271
206.12.39.0		3561	577	271
206.12.40.0		3561	577	271
206.12.41.0		3561	577	271
206.12.42.0		3561	577	271
206.12.43.0		3561	577	271
206.12.44.0		3561	577	271
206.12.45.0		3561	577	271
206.12.46.0		3561	577	271
206.12.47.0		3561	577	271
206.12.59.0		3561	577	271
206.12.96.0		690	1331	1691
206.12.101.0		3830	4064	3609
206.12.108.0		3830	4064	3609
206.12.111.0		690	1331	1691
206.12.112.0		3830	4064	3609
206.12.113.0		3830	4064	3609
206.12.114.0		3830	4064	3609
206.12.115.0		3830	4064	3609
206.12.117.0		690	1331	1691
206.12.118.0		3830	4064	3609
206.12.119.0		3830	4064	3609
206.12.126.0		3830	4064	3609
206.12.134.0		690	1331	1691
206.12.151.0		690	1331	1691
206.12.153.0		3830	4064	3609
206.12.154.0		3561	2493
206.12.156.0		3830	4064	3609
206.12.158.0		3830	4064	3609
206.12.159.0		3830	4064	3609
206.12.168.0		3830	4064	3609
206.12.169.0		3830	4064	3609
206.12.170.0		3830	4064	3609
206.12.171.0		3830	4064	3609
206.12.172.0		3830	4064	3609
206.12.173.0		3830	4064	3609
206.12.174.0		3830	4064	3609
206.12.175.0		690	1331	1691
206.12.176.0		690	1331	1691
206.12.177.0		690	1331	1691
206.12.178.0		690	1331	1691
206.12.179.0		690	1331	1691
206.12.180.0		690	1331	1691
206.12.181.0		690	1331	1691
206.12.186.0		3830	4064	3609
206.12.187.0		3561	2493
206.12.188.0		690	1331	1691
206.12.202.0/23		3561	5071
206.12.206.0		3561	5071
206.12.208.0		3561	5071
206.12.226.0		690	1331	1691
206.12.227.0		690	1331	1691
206.12.229.0		690	1331	1691
206.12.230.0		690	1331	1691
206.12.237.0		3561	5071
206.12.238.0/23		3561	5071
206.12.241.0		690	1331	1691
206.12.247.0		690	1331	1691
206.13.0.0/19		3830	4200	5671
206.13.32.0/19		3830	4200	5672
206.13.64.0/19		3830	4200	5672
206.13.96.0/20		3830	4200	5672
206.15.32.0/19		3561	1746
206.15.64.0/19		3830	4200	4540
206.15.96.0/19		3561	560
206.15.128.0/19		3561	560
206.16.206.0		1740
206.16.208.0		1740
206.16.209.0		1740
206.16.210.0		1740
206.16.211.0		1740
206.16.212.0		1740
206.16.213.0		1740
206.16.214.0		1740
206.16.215.0		1740
206.16.219.0		1740
206.16.221.0		1740
206.16.222.0		1740
206.17.4.0		1740
206.17.18.0		1740
206.24.0.0/19		3561
206.24.8.0/23		3561
206.24.28.0/23		3561
206.24.32.0/19		3561
206.24.44.0		3561
206.24.64.0/19		3561
206.24.96.0/19		3561
206.24.128.0/21		3561
206.24.136.0/21		3561
206.24.152.0/21		3561
206.24.160.0/21		3561
206.24.168.0/21		3561
206.24.172.0/22		3561
206.24.176.0/21		3561
206.24.192.0/21		3561
206.24.200.0/21		3561
206.24.216.0/21		3561
206.24.224.0/21		3561
206.25.0.0/19		3561
206.25.32.0/19		3561
206.25.36.0/23		3561
206.25.64.0/20		3561
206.25.64.0/19		3561
206.25.86.0/23		3561
206.25.88.0/22		3561
206.25.92.0/23		3561
206.25.94.0		3561
206.25.96.0/19		3561
206.25.128.0/19		3561
206.25.160.0/19		3561
206.25.168.0/23		3561
206.25.182.0		3561
206.25.184.0/23		3561
206.25.192.0/19		3561
206.25.224.0/19		3561
206.25.226.0/23		3561
206.26.0.0/19		3561
206.26.10.0/23		3561
206.26.32.0/19		3561
206.26.50.0/23		3561
206.26.64.0/19		3561
206.26.96.0/23		3561	5650
206.26.96.0/19		3561
206.26.98.0/23		3561
206.26.128.0/19		3561
206.26.142.0/23		3561
206.26.160.0/19		3561
206.26.192.0/19		3561
206.26.224.0/19		3561
206.27.64.0/19		3561
206.27.96.0/19		3561
206.27.128.0/19		3561
206.27.138.0/23		3561
206.27.160.0/19		3561	4947
206.27.192.0/19		3561
206.27.206.0		3830	4991	4959
206.27.207.0		3830	4991	4959
206.27.224.0/19		3561
206.27.236.0/23		3561
206.28.0.0/19		3561
206.28.16.0/22		3561
206.28.32.0/19		3561
206.28.64.0/19		3561
206.28.96.0/19		3561
206.28.110.0/23		3561
206.28.120.0/23		3561
206.28.122.0/23		3561
206.28.128.0/19		3561
206.28.158.0		3561
206.28.160.0/19		3561
206.28.172.0/23		3561
206.28.192.0/19		3561
206.28.224.0/19		3561
206.29.0.0/23		3561
206.29.0.0/19		3561
206.29.8.0/23		3561
206.29.14.0/23		3561
206.29.24.0/23		3561
206.29.29.0		3561
206.29.32.0/23		3561
206.29.32.0/19		3561
206.29.34.0/23		3561
206.29.36.0/23		3561
206.29.39.0		3561
206.29.64.0/20		3561
206.29.64.0/19		3561
206.29.88.0/21		3561
206.29.96.0/19		3561
206.29.108.0		3561
206.29.108.0/23		3561
206.29.114.0/23		3561
206.29.128.0/19		3561
206.29.160.0/19		3561
206.29.192.0/19		3561	5650
206.29.224.0/19		3561
206.30.0.0/19		3561
206.30.32.0/21		3561
206.30.32.0/19		3561
206.30.64.0/19		3561
206.30.96.0/19		3561
206.30.128.0/20		3561
206.30.128.0/19		3561
206.30.160.0/19		3561
206.30.180.0/23		3561
206.30.192.0/19		3561
206.30.208.0/23		3561
206.30.224.0/19		3561
206.30.228.0/23		3561
206.31.0.0/19		3561
206.31.32.0/19		3561
206.31.64.0/19		3561
206.31.96.0/19		3561
206.31.110.0/23		3561
206.31.116.0/23		3561
206.31.128.0/19		3561
206.31.130.0/23		3561
206.31.160.0/19		3561
206.31.192.0/19		3561
206.31.224.0/19		3561
206.31.226.0/23		3561
206.37.1.0		568
206.37.2.0		568
206.37.13.0		568
206.40.32.0/19		3830	4200	3720
206.40.64.0/19		701	3967
206.40.160.0/20		3561	114
206.40.192.0		3830	3491	4565
206.40.192.0/19		3830	3491	4565
206.40.221.0		3830	3491	4565
206.41.0.0/19		3561
206.41.32.0/21		3561	5109
206.41.64.0/21		3830	4388	4920
206.41.96.0/21		3561
206.41.160.0/22		3830	4200
206.41.164.0		3830	4200
206.41.165.0		3830	4200
206.41.166.0		3830	4200
206.41.167.0		3830	4200
206.41.168.0/23		3830	4200
206.41.170.0		3830	4200
206.41.171.0		3830	4200
206.41.172.0		3830	4200
206.41.173.0		3830	4200
206.41.177.0		3830	4200
206.41.178.0		3830	4200
206.41.214.0/23		3561
206.41.216.0/21		3561
206.43.0.0/19		3830	4388
206.43.36.0/22		3830	4388
206.43.64.0/19		701	3838	3838	3838	3838	3838	3838	3838
206.43.96.0		3830	4388
206.43.98.0/23		3830	4388
206.43.100.0		3830	4388
206.43.104.0		3830	4388
206.43.104.0/21		3830	4388
206.43.105.0		3830	4388
206.43.106.0		3830	4388
206.43.111.0		3830	4388
206.43.112.0/20		3830	4388
206.43.176.0/21		3830	4388
206.43.182.0		3830	4388
206.43.224.0/22		3830	4388
206.53.64.0/22		3830	4200
206.53.128.0		3561
206.53.224.0/19		3561
206.54.160.0/19		3561
206.54.192.0/22		3561	2150	226
206.55.1.0		3561	6618
206.55.2.0		3561	6618
206.55.3.0		3561	6618
206.55.4.0		3561	6618
206.55.5.0		3561	6618
206.55.6.0		3561	6618
206.55.10.0		3561	6618
206.55.12.0		3561	6618
206.55.13.0		3561	6618
206.55.14.0		3561	6618
206.55.15.0		3561	6618
206.55.16.0		3561	6618
206.55.17.0		3561	6618
206.55.18.0		3561	6618
206.55.19.0		3561	6618
206.55.20.0		3561	6618
206.55.21.0		3561	6618
206.55.23.0		3561	6618
206.55.24.0		3561	6618
206.55.25.0		3561	6618
206.55.26.0		3561	6618
206.55.30.0		3561	6618
206.55.55.0		3561	6618
206.55.56.0		3561	6618
206.55.57.0		3561	6618
206.55.58.0		3561	6618
206.55.59.0		3561	6618
206.55.60.0		3561	6618
206.55.61.0		3561	6618
206.55.62.0		3561	6618
206.55.63.0		3561	6618
206.55.128.0/19		3561	2150	226
206.62.4.0/22		3830	4200
206.64.48.0		701	3791
206.64.49.0		701	3791
206.64.50.0		701	3791
206.64.52.0		701	3791
206.64.53.0		701	3791
206.64.58.0		701	3791
206.64.59.0		701	3791
206.64.60.0		701	3791
206.64.62.0		701	3791
206.64.63.0		701	3791
206.64.123.0		701	5706
206.64.128.0		701	3397
206.64.130.0		701	3397
206.64.131.0		701	3397
206.64.132.0		701	3397
206.64.134.0		701	3397
206.64.147.0		3561	114
206.64.159.0		3830	4992	3803
206.66.1.0		701	4278
206.66.2.0		701	4278
206.66.3.0		701	4278
206.66.176.0		701	4206
206.66.177.0		701	4206
206.66.192.0		701	4438
206.71.128.0/21		701
206.71.160.0/21		3561
206.71.224.0/19		3561	3674
206.72.128.0/19		701
206.72.224.0/22		3561	279
206.73.70.0		3561	2150	226	1220
206.73.71.0		3561	2150	226	1220
206.73.72.0/22		3561	2150	226	1220
206.73.76.0/23		3561	2150	226	1220
206.73.78.0		3561	2150	226	1220
206.75.4.0		3561	577	542
206.75.6.0		3561	577	542
206.75.7.0		3561	577	542
206.75.19.0		690	1331	1684
206.75.224.0		3561	577	542
206.75.225.0		3561	577	542
206.75.250.0		690	1331	1684
206.80.0.0/19		3830	4447
206.80.64.0		1740
206.80.65.0		1740
206.80.66.0		1740
206.80.67.0		1740
206.80.68.0		1740
206.80.69.0		1740
206.80.70.0		1740
206.80.71.0		1740
206.80.224.0/21		701
206.81.224.0/19		701	4232
206.96.0.0/19		3561
206.96.32.0/19		3561
206.96.64.0/19		3561
206.96.96.0/23		3561
206.96.96.0/19		3561
206.96.104.0/22		3561
206.96.128.0/19		3561
206.96.160.0/21		3561
206.96.160.0/19		3561
206.96.192.0/19		3561
206.96.224.0/19		3561
206.97.0.0/19		3561
206.97.32.0/19		3561
206.97.64.0/20		3561
206.97.64.0/19		3561
206.97.96.0/19		3561
206.97.128.0/19		3561
206.97.160.0/19		3561
206.97.192.0/19		3561
206.97.224.0/19		3561
206.98.0.0/19		3561
206.98.32.0/23		3561
206.98.32.0/19		3561
206.98.64.0/19		3561
206.98.96.0/19		3561
206.98.128.0/19		3561
206.98.160.0/19		3561
206.98.192.0/19		3561
206.98.224.0/19		3561
206.99.0.0/19		3561
206.99.32.0/19		3561
206.99.64.0/19		3561
206.99.90.0		3561
206.99.96.0/19		3561
206.99.128.0/19		3561
206.99.160.0/19		3561
206.99.192.0/19		3561
206.99.224.0/19		3561
206.100.0.0/19		3561
206.100.32.0/19		3561
206.112.32.0/19		701	5053
206.116.1.0		3561	2493
206.116.4.0		3561	2493
206.116.5.0		3561	2493
206.116.6.0		3561	2493
206.116.10.0		3561	2493
206.116.11.0		3561	2493
206.128.23.0		701	3791
206.139.72.0/23		3561
206.195.64.0/19		3561	3909
206.196.0.0/20		3561
206.196.32.0/20		3830	4991
206.196.64.0/20		3561
206.196.96.0/20		3561	4205
206.196.160.0/19		690	2548
206.197.2.0		701
206.197.19.0		3561
206.197.51.0		701
206.197.68.0		690	1332
206.197.95.0		3830	3491	3739
206.197.101.0		86	225
206.197.103.0		3830	4992
206.197.133.0		3830	4992
206.197.138.0		1740
206.197.143.0		3561
206.197.184.0		3830	4994
206.197.204.0		701	2927
206.201.192.0/20		701
206.209.176.0/21		3561
206.209.183.0		3561
206.209.184.0/22		3561
206.209.188.0/23		3561

• Previous message (by thread): CERT Advisory CA-95:11 - Sun Sendmail -oR Vulnerability
• Next message (by thread): filtering long prefixes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]