On Mon, 10 Mar 2003, Owen DeLong wrote:
It seems to me that it would be relatively simple to solve this problem by doing the following:
1. ICANN (or an ICANN designee, such as ARIN) shall issue an ASN range of 20 ASNs to be used as BOGON-ORIGINATE.
Why not just one or private/reserved?
2. Each RIR should operate one or more routers with an open peering policy which will perform the following functions:
A. Advertise all unissued space allocated to the RIR as originating from an ASN allocated to <RIR>-BOGON.
B. Peer with the corresponding routers at each of the other RIRs and accept and readvertise their BOGON list through BGP.
C. Provide a full BOGON feed to any router that chooses to peer, but not accept any routes or non-BGP traffic from those routers.
Of course, configure it wrong and you would end up sending all the junk that you would have null routed to your RIR. Sounds messy. Whats more I can see potential whenever we start creating these kind of self propagating blackholes for hackers to introduce genuine address blocks to create a DDoS.
3. Any provider which wishes to filter BOGONs could peer with the closest one or two of these and set up route maps that modify the next-hop for all BOGONs to be an address which is statically routed to NULL0 on each of their routers.
How many ebgp sessions do the RIRs need to maintain?? A lot.. and the maintenance would be a nightmare. Dont think this will work purely because of that overhead you create!! Steve
Apologies if this has been discussed before, but, it seems to me that this is the easiest way to make the data readily available to the community directly from the maintainers of the databases in a fashion which is automatically up to date.
There are other ways that dont use BGP peering to create lists that are more suitable Steve