Bogon filtering (don't ban me either)

Jerry Pasker info at n-connect.net
Fri Dec 3 18:41:32 UTC 2004


>On Fri, 3 Dec 2004, Hank Nussbacher wrote:
>
>>  "Blocks all IANA reserved IP address blocks"
>>
>>  The actual doc:
>> 
>><http://niatec.info/mediacontent/cisco/media/targets/resources_mod07/7_1_2_AutoSecure.pdf>
>
>Surprise, surprise.  The examples in that document are already out of date
>and filtering as bogons perfectly good IP space ARIN is handing out to
>members.
>
>The idea of a "default static bogon filter" being made part of IOS is a
>horrible idea.  It's bad enough getting the places that went to the
>trouble of setting up bogon filters to update them.  If everyone had them
>by default, that would likely break the Internet for significant numbers
>of people.  How many customer routers do you have on your networks that
>were installed years ago and never upgraded?  How out of date would their
>default bogon filters be now?
>
>----------------------------------------------------------------------
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
>_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Isn't the path to hell paved with good intentions?

It's not the first time Cisco routers have shipped with out of date 
software in them, or known bugs/issues that pop up later to cause 
problems.  ;-)  Seriously, I'm not knocking Cisco, I'm just telling 
it like it is.  If someone knows what they're doing they won't get 
burned on it.  There are a lot of other IOS commands/options that can 
be turned on to screw networks up much worse.  I don't fault Cisco 
for giving people the option.   It should have a warning though, when 
enabled that it is out of date and will break things.

Just thinking out loud here:

If Cisco wanted to do something related to bogon filtering, they 
should make routes that expire/self delete after a certain date. 
Routes with a time to live.  (NTP optional, but a set clock required 
to use the TTL routes).

Also, bogon lists, especially the ones that have been prepared by 
hand by someone so they can be cut/pasted into a router, should start 
with a remark line that says something along the lines of **WARNING 
DELETE AFTER FEB 2005! **  (Or, current date + 4 months). I realize a 
lot of things can't be remarked, but any attempt to remark it, seems 
like it would be a good idea.  Some people don't read all the stuff 
in the web page before they scroll down, and copy the bogon list. 
Some people don't heed the warnings.  Some people leave their job 
after they put in bogons.  Some people are router consultants, and 
never see that router again.  Some people are too busy putting out 
fires and forget that 8 months have passed since they checked their 
bogons.

And some people are just stupid.  ;-)

A remark could go a long way to solving/preventing the problem when 
the next person takes a look at the router's configuration.

The perfect solution to the bogon issue is constant diligence. 
Getting a route feed is a good second choice.  The third choice is 
to not use bogon filters at all.

In a perfect world, those in charge of allowing routes in to the 
global internet wouldn't allow bogons, because they would only allow 
announcements that they've checked out ahead of time.  And just like 
packet ingress filtering, it's a solution that probably won't happen 
any time soon.

-Jerry
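A stale-filter check in the spirit of the expiry remark proposed above, added here as an example; it is not part of the original post or of any Cisco tooling. The IOS config fragment is constructed, and the remark format is assumed to be "DELETE AFTER <MON YYYY>" as in the post.

```python
import re
from datetime import date

# Constructed sample IOS config (not from the post). The first two ACLs carry
# the proposed "WARNING DELETE AFTER <MON YYYY>" remark; the third does not.
SAMPLE_CONFIG = """\
ip access-list extended BOGONS-IN
 remark **WARNING DELETE AFTER FEB 2005! **
 deny ip 1.0.0.0 0.255.255.255 any
 deny ip 2.0.0.0 0.255.255.255 any
 permit ip any any
ip access-list extended MGMT-IN
 remark **WARNING DELETE AFTER DEC 2030! **
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
ip access-list extended NO-EXPIRY
 deny ip 5.0.0.0 0.255.255.255 any
"""

MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}
ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
# Assumed remark convention from the post: "... DELETE AFTER FEB 2005 ..."
EXPIRY_RE = re.compile(r"remark .*DELETE AFTER ([A-Z]{3}) (\d{4})", re.I)


def check_acl_expiry(config, today):
    """Return {acl_name: 'ok' | 'expired' | 'no-expiry'} for each ACL in config.

    An ACL is 'ok' through the last day of the month named in its remark and
    'expired' from the first day of the following month; ACLs with no expiry
    remark are reported as 'no-expiry' so a reviewer can go add one.
    """
    results, current = {}, None
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            current = m.group(1)
            results[current] = "no-expiry"
            continue
        m = EXPIRY_RE.search(line)
        if m and current:
            mon, year = MONTHS[m.group(1).upper()], int(m.group(2))
            expires = date(year + (mon == 12), mon % 12 + 1, 1)
            results[current] = "expired" if today >= expires else "ok"
    return results


if __name__ == "__main__":
    for acl, status in check_acl_expiry(SAMPLE_CONFIG, date.today()).items():
        print(f"{acl:12s} {status}")
```

Running it against a saved `show running-config` instead of the sample flags any bogon ACL whose remark date has passed, which is the "8 months have passed" case described above.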



More information about the NANOG mailing list