New Draft Document: De-boganising New Address Blocks

william(at)elan.net william at elan.net
Wed Feb 25 00:24:48 UTC 2004



On Tue, 24 Feb 2004, Timothy Brown wrote:

> On Tue, Feb 24, 2004 at 04:32:46PM +0000, Michael.Dillon at radianz.com wrote:
> > 
> > >The RIPE NCC has prepared a draft document titled "De-Bogonising New
> > >Address Blocks":
> > 
> > That is a misleading title.
I agree, considering the block is still a bogon until it has been allocated
by RIPE to an ISP, but advance notification is still good. And it's especially
good that RIRs are actively trying to get involved in things like this.

> > The problem is that ISPs cannot react quickly enough
> > to open filters when new ranges are allocated. The proposed
> > solution is to provide advance notification. I suppose this
> > could allow ISPs to open filters before the new addresses
> > are actually in use officially.
> > 
> > However, it will also allow spammers to announce this
> > space and get it through bogon filters.

Completewhois bogon ip lists provide data on ip blocks that are not allocated
by RIRs to ISPs (rather than just a list of /8 blocks not allocated by IANA
to RIRs as for example cymru does). The list can be used for anti-spam
filtering through dns using an rbl-like feed at
 bogons.dnsiplists.completewhois.com

The actual list of all such RIR unallocated blocks is at:
 http://www.completewhois.com/bogons/data/bogons-cidr-all.txt

A similar list can also be created based on the RIR ip statistics files (not right
now as they still have serious problems with not listing some legacy blocks,
but hopefully RIRs will finish the ERX and fix it all in the next year).

> > The real solution to this problem is to make it 
> > possible for ISPs to closely track RIR allocations
> > in their filters in a semi-automated way. There may
> > still be a few days of delay before a new allocation
> > is fully routable but ISPs can compensate for that
> > with internal processes. 
Yes, a 24-36 hour delay exists before new allocations are cleared from the
bogon list when done in an automated way. But I found that < 1% of the blocks are
routed within the first 24 hours of being allocated (in fact 30% are still not
routed 2 months after being allocated).

> > Why can't ISPs subscribe to a feed of all new 
> > RIPE allocations in near real-time?
> 
> Uh, bogon route server, hello?
> 
> http://www.cymru.com/BGP/bogon-rs.html
Unfortunately this is kind of a bgp hack and, as has already been mentioned,
it needs very careful implementation, and if not done right it leads to
leaks like we saw in today's "168.0.0.0/6" thread on nanog-l.

What we do need is for ISPs and other organizations to urge vendors to
implement router software changes for distributed bgp filtering as has been
detailed in this draft (already mentioned quite extensively on other threads):
http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt

-- 
William Leibzon
Elan Networks
william at elan.net
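
The following is an added example, not part of the original post or of any completewhois tooling: a check of announced prefixes against a CIDR bogon list, plus the query name for the DNS feed named above. It assumes the list is one CIDR per line with `#` comments and that the zone follows the conventional reversed-octet DNSBL naming; the sample entries are constructed and no DNS lookup is made.

```python
import ipaddress

# Constructed sample in the assumed list format: one CIDR per line, '#' comments.
SAMPLE_BOGON_LIST = """\
# constructed sample, not real completewhois data
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24
"""

DNSBL_ZONE = "bogons.dnsiplists.completewhois.com"  # zone named in the post


def parse_bogon_list(text):
    """Return IPv4 networks from a CIDR list, skipping blanks and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def classify_announcement(prefix, bogons):
    """Compare an announced prefix with the bogon list.

    'inside': the announcement lies wholly within a bogon block
    'covers': the announcement is a less-specific that contains a bogon block
    'clean' : no overlap with any listed block
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if any(net.subnet_of(bogon) for bogon in bogons):
        return "inside"
    if any(bogon.subnet_of(net) for bogon in bogons):
        return "covers"
    return "clean"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the query name (assumed convention): reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone
```

The "covers" result matters for filtering: a less-specific announcement passes a naive exact-match or longest-match test while still pulling in unallocated space.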



