Gents, I thought I would pose the martians question here as well...

I'm trying to find out additional information on the reasoning behind adding these martians to Juniper's security appnote found on their website:

Prefix            Description
19.255.0.0/16     Ford Motor Company
129.156.0.0/16    Sun Microsystems
192.5.0.0/24      no match
192.9.200.0/24    no match
192.9.99.0/24     Sun Microsystems

I don't see a single reference to these in Cisco's IOS Essentials (www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip), Bill Manning's draft (www.ietf.org/internet-drafts/draft-manning-dsua-08.txt), or Rob T's Bogon List (www.cymru.com/Documents/bogon-list.html).

I base my bogon filtering for the JUNOS Secure Template and JUNOS Secure BGP Template at

www.qorbit.net/documents/junos-template.pdf
www.qorbit.net/documents/junos-bgp-template.pdf
www.qorbit.net/documents/junos-bgp-appnote.pdf

on Rob's list. What are your thoughts on filtering the above prefixes? Are some of these worthy of being added to the master bogon list?

Now, on to some of Juniper default martians:

128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24

These prefixes seem to be based on www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm curious what the reasoning is behind selecting these prefixes only. Also, given that these may be allocated in the future (per the draft) what are your thoughts on having these in Juniper's default config? Perhaps these would be good additions to a dynamic (up-to-date) bogon list instead of a static placement in JUNOS even though they can be overridden if necessary.

Thoughts?

-- steve
Now, on to some of Juniper default martians: 128.0.0.0/16 191.255.0.0/16 192.0.0.0/24 223.255.255.0/24
These prefixes seem to be based on www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm curious what the reasoning is behind selecting these prefixes only. Also, given that these may be allocated in the future (per the draft) what are your thoughts on having these in Juniper's default config? Perhaps these would be good additions to a dynamic (up-to-date) bogon list instead of a static placement in JUNOS even though they can be overridden if necessary.
Thoughts? -- steve
These nets were the "boundary" networks that defined classful delegations. To round it out properly, one should include the following:

0.255.255.0/24
126.0.0.0/24
127.255.255.0/24
...
<and the top end of the "D" space>

With the advent of classless addressing (circa 1997) these "martian" spaces are vestigial. They can be assigned although it is unlikely that they will be placed into active use until there is much more of the v4 space delegated. The IANA draft is "retro" by including them as "special". They aren't these days.

--bill
So as not to cause confusion, the complete current JUNOS martian list is:

0.0.0.0/8
127.0.0.0/8
128.0.0.0/16
191.255.0.0/16
192.0.0.0/24
223.255.255.0/24
240.0.0.0/4

My questions were on a select portion of these, and a portion of the ones listed in the security appnote on their website.

Cheers,
-- steve

-----Original Message-----
From: bmanning@karoshi.com [mailto:bmanning@karoshi.com]
Sent: Wednesday, July 24, 2002 10:53 AM
To: Stephen Gill
Cc: nanog@merit.edu
Subject: Re: Juniper security appnote + martians
Now, on to some of Juniper default martians: 128.0.0.0/16 191.255.0.0/16 192.0.0.0/24 223.255.255.0/24
These prefixes seem to be based on www.ietf.org/internet-drafts/draft-iana-special-ipv4-03.txt. I'm curious what the reasoning is behind selecting these prefixes only. Also, given that these may be allocated in the future (per the draft) what are your thoughts on having these in Juniper's default config? Perhaps these would be good additions to a dynamic (up-to-date) bogon list instead of a static placement in JUNOS even though they can be overridden if necessary.
Thoughts? -- steve
These nets were the "boundary" networks that defined classful delegations. To round it out properly, one should include the following:

0.255.255.0/24
126.0.0.0/24
127.255.255.0/24
...
<and the top end of the "D" space>

With the advent of classless addressing (circa 1997) these "martian" spaces are vestigial. They can be assigned although it is unlikely that they will be placed into active use until there is much more of the v4 space delegated. The IANA draft is "retro" by including them as "special". They aren't these days.

--bill
Gents, I thought I would pose the martians question here as well...
I'm trying to find out additional information on the reasoning behind adding these martians to Juniper's security appnote found on their website:

Prefix            Description
19.255.0.0/16     Ford Motor Company
129.156.0.0/16    Sun Microsystems
192.5.0.0/24      no match
192.9.200.0/24    no match
192.9.99.0/24     Sun Microsystems
A number of these prefixes were used in early documentation and as such were widely deployed by early adopters of IP. In the "bad old days" a large number of sites stood up IP networks in isolation, only interconnecting -after- initial rollout was done. Consider it as an early empirical trial with RFC 1918 space :)

Based on the confusion, 192.0.2.0/24 was earmarked for use in documentation... :) I know of no good reason why Juniper continues to flag these legacy blocks.

--bill
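An added example, not part of the thread and not Juniper's code: the sketch below loads the prefix lists quoted in the messages above, reports which proposed entries an existing list already covers, and splits routes into accepted and rejected. It assumes each list entry matches the prefix itself and anything more specific; the sample routes are constructed.

```python
import ipaddress

# Prefix lists copied from the thread.
JUNOS_DEFAULT = ["0.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16", "191.255.0.0/16",
                 "192.0.0.0/24", "223.255.255.0/24", "240.0.0.0/4"]
APPNOTE_EXTRAS = ["19.255.0.0/16", "129.156.0.0/16", "192.5.0.0/24",
                  "192.9.200.0/24", "192.9.99.0/24"]
BOUNDARY_EXTRAS = ["0.255.255.0/24", "126.0.0.0/24", "127.255.255.0/24"]


def covering_entry(route, martians):
    """Return the first list entry equal to or less specific than `route`, else None.

    Assumption: every entry is matched "or longer" (the prefix itself and
    anything more specific), not as an exact match.
    """
    net = ipaddress.ip_network(route)
    for entry in martians:
        if net.subnet_of(ipaddress.ip_network(entry)):
            return entry
    return None


def redundant_entries(candidates, martians):
    """Map each candidate already covered by the list to the entry covering it."""
    hits = {c: covering_entry(c, martians) for c in candidates}
    return {c: e for c, e in hits.items() if e is not None}


def split_routes(routes, martians):
    """Partition received routes into (accepted, rejected) against the list."""
    accepted = [r for r in routes if covering_entry(r, martians) is None]
    rejected = [r for r in routes if r not in accepted]
    return accepted, rejected


# Constructed sample announcements, not taken from any real routing table.
SAMPLE_ROUTES = ["129.156.12.0/24", "192.0.2.0/24", "223.255.255.128/25",
                 "127.255.255.0/24", "192.9.99.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    print(redundant_entries(BOUNDARY_EXTRAS, JUNOS_DEFAULT))
    print(split_routes(SAMPLE_ROUTES, JUNOS_DEFAULT))
    print(split_routes(SAMPLE_ROUTES, JUNOS_DEFAULT + APPNOTE_EXTRAS))
```

Under the stated matching assumption, two of the three boundary networks are already covered by the /8 entries in the default list, and the documentation prefix 192.0.2.0/24 is accepted by both lists.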