What is the most standard subnet length on internet

Nathan Ward nanog at daork.net
Tue Dec 23 03:02:27 CST 2008


On 23/12/2008, at 6:40 PM, Church, Charles wrote:

> I help a buddy who works for a small ISP.  I believe they're  
> ignoring or
> null routing large chunks of APNIC.  Their customers are aware of the
> policy, and cool with it.  Port scanning and other malicious stuff
> dropped 50% afterwards.

That sort of thing is common, sure (unfortunately).

My question (comment?) is more around why people would filter /24 (or  
whatever) prefixes (ie. when advertised a /24 prefix over BGP not  
accept it, so they do not get a route for that /24), and then not have  
a default. That route is used for outgoing packets, not incoming ones  
(modulo RPF, etc.).

The purpose of filtering the /24s is to keep the size of their RIB/FIB  
down, not to limit abuse or something. If you are close to the edge of  
the network, filtering /24s is a low hanging fruit way to catch a  
whole lot of pointless routes that don't really gain you much  
performance benefit, but are going to cost you lots of RIB/FIB space.  
However, you really need to have a covering default, so you still have  
some way to reach the people in those /24s.

> From: Skywing [mailto:Skywing at valhallalegends.com]
>
> Snarky replies aside, it might be interesting to hear if there are any
> real examples of this being done intentionally and not out of not
> knowing better or otherwise configuration error.  For example, Tomas
> Byrnes's suggestion re: hijacking; although, I suspect that in that
> case, he's speaking of someone doing this filtering on a one-off basis
> and not on all /24's in the DFZ.


Yep, that is what I'm interested in.

It would be perhaps an interesting exercise to only accept prefixes  
for which you do not have a covering prefix with the same next-hop,  
etc. I wonder if router vendors already do that internally as an  
optimisation when installing routes in to the forwarding hardware?
You would have to still have the routes in your RIB but RIB RAM is  
cheap(er).

--
Nathan Ward








More information about the NANOG mailing list