Time to add 2002::/16 to bogon filters?

Wes George wesgeorge at puck.nether.net
Tue Jun 19 18:16:15 UTC 2018


On 6/18/18 7:34 PM, Mark Andrews wrote:

> If a ASN is announcing 2002::/16 then they are are happy to get the traffic.  It
> they don’t want it all they have to do is withdraw the prefix.  It is not up to
> the rest of us to second guess their decision to keep providing support.
WG] I don't think that this is intentional in most cases anymore. It's
most likely legacy cruft/zombie services. Because it mostly operates
unattended and the few that are still using it probably don't notice
when it breaks nor can they figure out to whom they should complain
because anycast makes that nearly impossible, it continues operating
quietly in the dusty and disused corners of the net below a sign saying
"beware of the leopard" until the equipment gets retired or dies of old
age. Also this argument would carry more weight if it hadn't already
been had and concluded with RFC7526, and if it wasn't completely
disabled on MS products now:
https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-1803-removed-features#features-were-no-longer-developing
>
> If you filter 2002::/16 then you are performing a denial-of-service attack on
> the few sites that are still using it DELIBERATELY.
WG] As opposed to the unintentional denial-of-service attacks that
happen all the time because of the inherent flaws in the implementation
and the low importance people place on first-class deployments of this
service? Sites that are still using it deliberately should have found a
more reliable solution years ago, even if it's a statically-provisioned
GRE or 6in4 tunnel. Plenty of tunnel brokers out there to facilitate
this if native IPv6 still isn't available. Keeping this around past its
sell-by date is simply enabling bad behavior and a bad user experience
for IPv6.

Wes George

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180619/6c8af091/attachment.sig>


More information about the NANOG mailing list