updating bogon filters for 83/8 and 84/8
Michel Py
michel at arneill-py.sacramento.ca.us
Sun Jan 11 20:42:04 UTC 2004
> Sean Donelan wrote:
> Don't forget about the other half of the problem.
> ISPs need to verify the network announcements by
> their downstream BGP networks.
Indeed, and it is clear to me that the future solution is some kind of a
certificate or something that can authenticate the block being
advertised. However, we're not there yet.
> Eventually most of the current "bogons" will be assigned,
> and bogon filters will continue to be less and less useful.
Indeed. I will point out two things though:
1. This is in 10+ years, likely. Nobody really knows when, one of the
reasons being:
2. As we allocate new blocks, part of them is for new use and part of
them is used to replace existing assignments. In this very case, at
least one of the ISPs concerned is getting a single new block and
releasing a bunch of other smaller blocks to RIPE. So we are actually
seing defragmentation of the routing table, which is good for everyone.
This leads to pushing back even further the exhaustion of space, because
we are allocating new space now but the space being freed by new
allocations that consolidate several blocks will be made available only
later.
Since everyone is gaining routing table size reduction in this deal, we
must encourage all that are willing to consolidate, and part of this is
removing the current inconvenience brought by slow updates of the bogon
filters, which in turn means more automation.
> On the other hand, positive verification will continue
> to improve the stability of the network.
Which is why the mechanism we are recommending is not limited to bogons
but targeted at more generic prefix filtering.
http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt
Michel.
More information about the NANOG
mailing list