De-bogonising 2a10::/12

Brandon Martin lists.nanog at monmotha.net
Fri Jan 10 21:18:47 UTC 2020


On 1/10/20 2:49 PM, Baldur Norddahl wrote:
> The only way for me to send out traffic to bogons is if one of my peers 
> announces a bogon prefix. Even if I did null route bogons, manually or 
> through the use of the Cymru service, a peer could still announce a more 
> specific and override that.

The idea isn't necessarily that you explicitly null-route them but 
rather that you block/ignore announcements of them on the assumption 
that malfeasants may be attempting to squat on them or otherwise use 
them for some form of, well, malfeasance.  As such, the filter you build 
isn't just e.g. "2a10::/12" (if indeed that range was to be considered a 
single bogon) but rather "2a10::/12 ge 12" which means you'd block 
more-specifics within that range, too.

> Is there a way to use the RPKI system to ensure bogons are simply 
> invalid? Seems much more effective to me. 

Someone like ICANN or IANA could publish an ROA to a reserved ASN (or to 
no ASN - is that possible?) for all unallocated space or something of 
the like, I suppose.
-- 
Brandon Martin
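
The difference between the two filter forms in the message above, as an added example that is not part of the original post. It assumes the common router prefix-list semantics for `ge`/`le` (no keyword means exact length only); the class, function names and sample announcements are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PrefixRule:
    """One deny entry of the form 'prefix [ge N] [le M]' (assumed semantics)."""
    prefix: ipaddress.IPv6Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route) -> bool:
        # The route must be the same address family and fall inside the prefix.
        if route.version != self.prefix.version or not route.subnet_of(self.prefix):
            return False
        # Without ge/le only the exact prefix length matches.
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen
        lo = self.ge if self.ge is not None else self.prefix.prefixlen
        hi = self.le if self.le is not None else route.max_prefixlen
        return lo <= route.prefixlen <= hi


def parse_rule(text: str) -> PrefixRule:
    tokens = text.split()
    prefix = ipaddress.ip_network(tokens[0], strict=True)
    opts = dict(zip(tokens[1::2], map(int, tokens[2::2])))
    if set(opts) - {"ge", "le"}:
        raise ValueError(f"unsupported keyword in rule: {text!r}")
    return PrefixRule(prefix, opts.get("ge"), opts.get("le"))


def accepted(announcements, deny_rules):
    """Return the announcements that no deny rule matches."""
    rules = [parse_rule(r) for r in deny_rules]
    return [a for a in announcements
            if not any(r.matches(ipaddress.ip_network(a)) for r in rules)]


# Constructed sample announcements: three inside 2a10::/12, two outside it.
ANNOUNCEMENTS = ["2a10::/12", "2a10:1234::/32", "2a1f:ffff::/48",
                 "2a20::/12", "2001:db8::/32"]

if __name__ == "__main__":
    for rule in ("2a10::/12", "2a10::/12 ge 12"):
        print(f"deny {rule!r} -> accepted: {accepted(ANNOUNCEMENTS, [rule])}")
```

With the exact-match entry the /32 and /48 inside the range are still accepted; with `ge 12` every announcement inside the range is dropped.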