De-bogonising 2a10::/12
Brandon Martin
lists.nanog at monmotha.net
Fri Jan 10 21:18:47 UTC 2020
On 1/10/20 2:49 PM, Baldur Norddahl wrote:
> The only way for me to send out traffic to bogons is if one of my peers
> announces a bogon prefix. Even if I did null route bogons, manually or
> through the use of the Cymru service, a peer could still announce a more
> specific and override that.
The idea isn't necessarily that you explicitly null-route them but
rather that you block/ignore announcements of them on the assumption
that malfeasants may be attempting to squat on them or otherwise use
them for some form of, well, malfeasance. As such, the filter you build
isn't just e.g. "2a10::/12" (if indeed that range was to be considered a
single bogon) but rather "2a10::/12 ge 12" which means you'd block
more-specifics within that range, too.
> Is there a way to use the RPKI system to ensure bogons are simply
> invalid? Seems much more effective to me.
Someone like ICANN or IANA could publish an ROA to a reserved ASN (or to
no ASN - is that possible?) for all unallocated space or something of
the like, I suppose.
--
Brandon Martin
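
The difference between an exact-match filter and the "2a10::/12 ge 12" form mentioned in the message, as an added example that is not part of the original post: it evaluates the generic "PREFIX [ge N] [le M]" notation against constructed announcements. The function names (parse_rule, matches, classify) and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

def parse_rule(rule):
    """Parse 'PREFIX [ge N] [le M]' into (network, min_len, max_len)."""
    parts = rule.split()
    net = ipaddress.ip_network(parts[0])
    opts = dict(zip(parts[1::2], parts[2::2]))
    if len(parts) % 2 == 0 or set(opts) - {"ge", "le"}:
        raise ValueError(f"bad rule: {rule!r}")
    if opts:
        lo = int(opts.get("ge", net.prefixlen))
        hi = int(opts.get("le", net.max_prefixlen))
    else:
        lo = hi = net.prefixlen  # no ge/le: exact-length match only
    if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
        raise ValueError(f"bad length range in rule: {rule!r}")
    return net, lo, hi

def matches(rule, announced):
    """True if the announced prefix falls under the rule."""
    net, lo, hi = parse_rule(rule)
    ann = ipaddress.ip_network(announced)
    return (ann.version == net.version
            and lo <= ann.prefixlen <= hi
            and ann.subnet_of(net))

def classify(rules, announcements):
    """Return {prefix: 'reject' | 'accept'} for each announcement."""
    return {a: "reject" if any(matches(r, a) for r in rules) else "accept"
            for a in announcements}

# Constructed sample announcements (not taken from any real routing table).
SAMPLE = ["2a10::/12", "2a10:4000::/29", "2a1f:ffff::/32",
          "2a00::/12", "2001:db8::/32"]

if __name__ == "__main__":
    # The exact-match rule lets the /29 and /32 more-specifics through;
    # the "ge 12" rule rejects everything inside 2a10::/12.
    for rules in (["2a10::/12"], ["2a10::/12 ge 12"]):
        print(rules, classify(rules, SAMPLE))
```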