"Tactical" /24 announcements

Baldur Norddahl baldur.norddahl at gmail.com
Fri Aug 13 22:34:54 UTC 2021

On Fri, Aug 13, 2021 at 10:53 PM Amir Herzberg <amir.lists at gmail.com> wrote:

> I think it isn't the same.

I am still not sure but maybe I misunderstood what you originally said. It
is probably not important.

> I think that the NANOG (or in general, operators) community may do well to
> state the `/24 rule' clearly in a BCP, preferably an RFC. A mismatch in the
> most-specific rule can definitely allow different problems (and attacks).
> As mentioned above, RIPE has essentially done this (although could be more
> explicit). I've seen a similar /48 rule for IPv6, btw.

I am not sure how big a problem this is. We only had this one case that I
described and it was easily fixed by allowing that one prefix from our
transit. The peer also offered to fix their announcement. But we did not
run with it for very long because we only reduced our routing table to
debug a different problem.

Maybe we could have a community or other mechanism to mark the few routes
that can not be dropped in exchange for a default route.

For all the stub networks out there we should be able to aggressively
filter routes without much harm.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210814/ede9ef85/attachment.html>

More information about the NANOG mailing list