Updated prefix filtering

Dave Taht dave.taht at gmail.com
Sat May 9 23:49:50 UTC 2015

On Fri, May 8, 2015 at 3:41 PM, Chaim Rieger <chaim.rieger at gmail.com> wrote:
> Best example  I’ve found is located at http://jonsblog.lewis.org/ <http://jonsblog.lewis.org/>
> I too ran out of space, Brocade, not Cisco though, and am looking to filter prefixes. did anybody do a more recent or updated filter list  since 2008 ?
> Offlist is fine.
> Oh and happy friday to all.

I have had a piece long on the spike on how we implemented bcp38 for
linux (openwrt) devices using the ipset facility.

We had a different use case (preventing all possible internal rfc1918
network addresses from escaping, while still allowing punching through
one layer of nat ), but the underlying ipset facility was easily
extendible to actually do bcp38 and fast to use, so that is what we
ended up calling the openwrt package. Please contact me offlist if you
would like a peek at that piece, because the article had some
structural problems and we never got around to finishing/publishing
it, and I would like to....

has there been a bcp38 equivalent published for ipv6?

Along the way source specific routing showed up for ipv6 and we ended
up obsoleting the concept of an ipv6 global default route entirely on
a linux based CPE router.

see: http://arxiv.org/pdf/1403.0445.pdf and some relevant homenet wg stuff.

d at nuc-client:~/babeld-1.6.0 $ ip -6 route

default from 2001:558:6045:e9:251a:738a:ac86:eaf6 via
fe80::28c6:8eff:febb:9ff0 dev eth0  proto babel  metric 1024
default from 2601:9:4e00:4cb0::/60 via fe80::28c6:8eff:febb:9ff0 dev
eth0  proto babel  metric 1024
default from fde5:dfb9:df90:fff0::/60 via fe80::225:90ff:fef4:a5c5 dev
eth0  proto babel  metric 1024

So this box will not forward any ipv6 not in the from(src) table.

Dave Täht

More information about the NANOG mailing list