Definition/Classification of Bogon
Hi Everyone,

Just wanted to understand something about Bogons. As per RFC3871 - A "Bogon" (plural: "bogons") is a packet with an IP source address in an address block not yet allocated by IANA or the Regional Internet Registries (ARIN, RIPE, APNIC...) as well as all addresses reserved for private or special use by RFCs. See [RFC3330] and [RFC1918].

Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but what about unallocated ASNs?

Q - Is there any RFC (or even draft) which classifies unallocated ASNs as Bogon as well?

Additionally, Geoff Huston [1] explained all the possible classifications of "Bogon" in his blog post back in 2004 --> "Sometimes a bogon is just a case of keystroke error by a network operator, and the consequent bogons are entirely inadvertent, and other times it may be a disagreement between an end user and a registration authority"

Q - In the above scenario when an RIR deregisters a resource (IPv4/v6 or ASN) due to any disagreement (sometimes deregistration happens because of non-payment and can be resolved in a few days/weeks). How long should a service provider wait to mark them as bogon and stop advertising or accepting it?

[1] - http://www.potaroo.net/ispcol/2004-04/2004-04-isp.htm
On Tue, Jul 24, 2018 at 7:24 AM, Aftab Siddiqui <aftab.siddiqui@gmail.com> wrote:
Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but what about unallocated ASNs?
Hi Aftab, You can reasonably think of a bogon as any Internet number resource which according to the registration authority should not appear on whatever network is at issue.
Q - Is there any RFC (or even draft) which classifies unallocated ASNs as Bogon as well?
The RFCs offer guidelines and conventions in this, not hard rules. It would be an error to treat them as hard rules.
Q - In the above scenario when an RIR deregisters a resource (IPv4/v6 or ASN) due to any disagreement (sometimes deregistration happens because of non-payment and can be resolved in a few days/weeks). How long should a service provider wait to mark them as bogon and stop advertising or accepting it?
In my opinion: until the customer stops paying you or the authority assigns the resource to someone else. As long as the resource was properly assigned to the customer when they started advertising it, there's no real angle to forcibly ending it sooner.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
Hi Bill,

On Tue, 24 Jul 2018 at 23:03 William Herrin <bill@herrin.us> wrote:
On Tue, Jul 24, 2018 at 7:24 AM, Aftab Siddiqui <aftab.siddiqui@gmail.com> wrote:
Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but what about unallocated ASNs?
Hi Aftab,
You can reasonably think of a bogon as any Internet number resource which according to the registration authority should not appear on whatever network is at issue.
Perfect definition. I have the same opinion. BUT
Q - Is there any RFC (or even draft) which classifies unallocated ASNs as Bogon as well?
The RFCs offer guidelines and conventions in this, not hard rules. It would be an error to treat them as hard rules.
Recently I had a discussion with a few decent-size service providers who pointed me to RFC3871, suggesting that the word Bogon is for "IP resources" only. Hence, I asked this question here.
Q - In the above scenario when an RIR deregisters a resource (IPv4/v6 or ASN) due to any disagreement (sometimes deregistration happens because of non-payment and can be resolved in a few days/weeks). How long should a service provider wait to mark them as bogon and stop advertising or accepting it?
In my opinion: until the customer stops paying you or the authority assigns the resource to someone else. As long as the resource was properly assigned to the customer when they started advertising it, there's no real angle to forcibly ending it sooner.
This is the current practice though it isn't the best one.
On Tue, Jul 24, 2018, at 13:24, Aftab Siddiqui wrote:
Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but what about unallocated ASNs?
If you don't have an automated update process running at decent time intervals (one week or more often, under no circumstance less than once a month) and you don't have processes in place that monitor that updates do happen properly with some corrective action being done when they don't - then stick with private or reserved. If you do have everything needed, and are aware that what is unallocated today may be allocated tomorrow, then you can (should) go with private+reserved+unallocated option.
Hi,

On Wed, 25 Jul 2018 at 06:12 Radu-Adrian Feurdean <nanog@radu-adrian.feurdean.net> wrote:
On Tue, Jul 24, 2018, at 13:24, Aftab Siddiqui wrote:
Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but what about unallocated ASNs?
If you don't have an automated update process running at decent time intervals (one week or more often, under no circumstance less than once a month) and you don't have processes in place that monitor that updates do happen properly with some corrective action being done when they don't - then stick with private or reserved.
If you do have everything needed, and are aware that what is unallocated today may be allocated tomorrow, then you can (should) go with private+reserved+unallocated option.
Exactly, getting the right and updated info is so tricky that people only filter Private+Reserved ASNs. Because of the same reason more than 600 unallocated ASNs are in the routing table as per the CIDR-Report. Wouldn't that be simple to parse the list and start updating filters on a daily basis? I understand it's troublesome for big operators. I've just started this so let's see what happens :) but I can tell that the diff on the file created every night isn't much (around 10-20).

http://www.cidr-report.org/as2.0/#Bogons
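An added example, not part of any message in the thread: a sketch of the nightly filter build discussed above, which adds unallocated ASNs to the private/reserved set only when the feed is fresh (7 days, following the "one week or more often" advice) and parses cleanly, and otherwise falls back to private+reserved. The feed format, `SAMPLE_FEED` and all function names are assumptions; the static ranges follow the IANA special-purpose AS number registry.

```python
from datetime import timedelta

# Private/reserved ASNs (IANA special-purpose AS number registry).
STATIC_BOGONS = [
    (0, 0),                    # reserved (RFC 7607)
    (23456, 23456),            # AS_TRANS (RFC 6793)
    (64496, 131071),           # documentation, private use, reserved
    (4200000000, 4294967295),  # private use (RFC 6996) and last ASN (RFC 7300)
]
# Constructed sample in an assumed format; not real allocation data.
SAMPLE_FEED = "300000-300010\n300011\n500000  # single ASN\n"

def parse_feed(text):
    """Parse the assumed format: one 'ASN' or 'START-END' per line, '#' comments."""
    ranges = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        start, _, end = line.partition("-")
        lo, hi = int(start), int(end or start)
        if not 0 <= lo <= hi <= 4294967295:
            raise ValueError(f"bad ASN range: {line!r}")
        ranges.append((lo, hi))
    return ranges

def merge(ranges):
    """Sort and coalesce overlapping or adjacent ranges."""
    out = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def build_filter(feed_text, feed_time, now, max_age=timedelta(days=7)):
    """Return (ranges, used_unallocated); a stale or unparsable feed is ignored."""
    if feed_text is None or now - feed_time > max_age:
        return merge(STATIC_BOGONS), False
    try:
        return merge(STATIC_BOGONS + parse_feed(feed_text)), True
    except ValueError:
        return merge(STATIC_BOGONS), False

def bogons_in_path(as_path, ranges):
    """Return the ASNs of an AS path that fall inside any bogon range."""
    return [asn for asn in as_path if any(lo <= asn <= hi for lo, hi in ranges)]
```

The `used_unallocated` flag is what a monitoring job would alert on, so that a silently failing update is noticed rather than leaving yesterday's unallocated list in place.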
On 25/07/2018 05:37, Aftab Siddiqui wrote:
Exactly, getting the right and updated info is so tricky that people only filter Private+Reserved ASNs. Because of the same reason more than 600 unallocated ASNs are in the routing table as per the CIDR-Report.
Wouldn't that be simple to parse the list and start updating filters on a daily basis? I understand it's troublesome for big operators. I've just started this so let's see what happens :) but I can tell that the diff on the file created every night isn't much (around 10-20).
Been there, done that - 15 years ago with Barry:

https://www.nanog.org/meetings/nanog27/presentations/hank.pdf

IPs, ASNs, it don't matter...no one gives a sh*t. Not today, not 15 years ago. Nowadays, the bible on being a good ISP is defined by MANRS and if it don't appear there then you and I are clearly delusional.

-Hank
participants (4)
- Aftab Siddiqui
- Hank Nussbacher
- Radu-Adrian Feurdean
- William Herrin