What is the most standard subnet length on internet
Nathan Ward
nanog at daork.net
Tue Dec 23 09:02:27 UTC 2008
On 23/12/2008, at 6:40 PM, Church, Charles wrote:
> I help a buddy who works for a small ISP. I believe they're
> ignoring or
> null routing large chunks of APNIC. Their customers are aware of the
> policy, and cool with it. Port scanning and other malicious stuff
> dropped 50% afterwards.
That sort of thing is common, sure (unfortunately).
My question (comment?) is more around why people would filter /24 (or
whatever) prefixes (ie. when advertised a /24 prefix over BGP not
accept it, so they do not get a route for that /24), and then not have
a default. That route is used for outgoing packets, not incoming ones
(modulo RPF, etc.).
The purpose of filtering the /24s is to keep the size of their RIB/FIB
down, not to limit abuse or something. If you are close to the edge of
the network, filtering /24s is a low hanging fruit way to catch a
whole lot of pointless routes that don't really gain you much
performance benefit, but are going to cost you lots of RIB/FIB space.
However, you really need to have a covering default, so you still have
some way to reach the people in those /24s.
> From: Skywing [mailto:Skywing at valhallalegends.com]
>
> Snarky replies aside, it might be interesting to hear if there are any
> real examples of this being done intentionally and not out of not
> knowing better or otherwise configuration error. For example, Tomas
> Byrnes's suggestion re: hijacking; although, I suspect that in that
> case, he's speaking of someone doing this filtering on a one-off basis
> and not on all /24's in the DFZ.
Yep, that is what I'm interested in.
It would be perhaps an interesting exercise to only accept prefixes
for which you do not have a covering prefix with the same next-hop,
etc. I wonder if router vendors already do that internally as an
optimisation when installing routes in to the forwarding hardware?
You would have to still have the routes in your RIB but RIB RAM is
cheap(er).
--
Nathan Ward
More information about the NANOG
mailing list