All, I was researching BOGON prefixes and found a reference from IANA listing special-purpose addresses, URLs listed below. Based on my understanding of the list I think I should be able to block all of the entries from my upstream peerings without affecting normal internet traffic. I assume that there would only be special scenarios that the addresses listed in the special-purpose entry would be used. I am interested to hear what others are doing when it comes to blocking BOGON NLRI from their upstream BGP peerings. If anyone has any insight into this please let me know your thoughts, I would love to discuss more on the topic. URLs: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-specia... https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-specia... Thanks, Gabriel L. Terry
Hi Gabriel, On Thu, 21 Mar 2024 at 15:02, Gabriel Terry <gterry@acentek.net> wrote:
All,
I was researching BOGON prefixes and found a reference from IANA listing special-purpose addresses, URLs listed below. Based on my understanding of the list I think I should be able to block all of the entries from my upstream peerings without affecting normal internet traffic.
You should look at the values in the globally reachable column. Some of the entries should be globally reachable, barring your own local policy. For instance, many networks want to allow access to the AS112 service. Regards, Leo
Hi Gabriel, for v6 you may find the following helpful: https://theinternetprotocolblog.wordpress.com/2020/01/15/some-notes-on-ipv6-... cheers Enno On Thu, Mar 21, 2024 at 07:20:53PM +0000, Gabriel Terry wrote:
All,
I was researching BOGON prefixes and found a reference from IANA listing special-purpose addresses, URLs listed below. Based on my understanding of the list I think I should be able to block all of the entries from my upstream peerings without affecting normal internet traffic. I assume that there would only be special scenarios that the addresses listed in the special-purpose entry would be used. I am interested to hear what others are doing when it comes to blocking BOGON NLRI from their upstream BGP peerings. If anyone has any insight into this please let me know your thoughts, I would love to discuss more on the topic.
URLs: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-specia... https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-specia...
Thanks,
Gabriel L. Terry
-- Enno Rey Cell: +49 173 6745902 Twitter: @Enno_Insinuator IPv6 Blog: https://theinternetprotocolblog.wordpress.com
bogons.cymru.com has been around as a BGP feed for a long long time. https://www.team-cymru.com/bogon-networks From: NANOG <nanog-bounces+ops.lists=gmail.com@nanog.org> on behalf of Gabriel Terry <gterry@acentek.net> Date: Friday, 22 March 2024 at 3:56 PM To: nanog@nanog.org <nanog@nanog.org> Subject: v4 and v6 BOGON list All, I was researching BOGON prefixes and found a reference from IANA listing special-purpose addresses, URLs listed below. Based on my understanding of the list I think I should be able to block all of the entries from my upstream peerings without affecting normal internet traffic. I assume that there would only be special scenarios that the addresses listed in the special-purpose entry would be used. I am interested to hear what others are doing when it comes to blocking BOGON NLRI from their upstream BGP peerings. If anyone has any insight into this please let me know your thoughts, I would love to discuss more on the topic. URLs: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-specia... https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-specia... Thanks, Gabriel L. Terry
+1 On 3/22/24 11:28, Suresh Ramasubramanian wrote:
bogons.cymru.com has been around as a BGP feed for a long long time.
https://www.team-cymru.com/bogon-networks <https://www.team-cymru.com/bogon-networks>
*From: *NANOG <nanog-bounces+ops.lists=gmail.com@nanog.org> on behalf of Gabriel Terry <gterry@acentek.net> *Date: *Friday, 22 March 2024 at 3:56 PM *To: *nanog@nanog.org <nanog@nanog.org> *Subject: *v4 and v6 BOGON list
All,
I was researching BOGON prefixes and found a reference from IANA listing special-purpose addresses, URLs listed below. Based on my understanding of the list I think I should be able to block all of the entries from my upstream peerings without affecting normal internet traffic. I assume that there would only be special scenarios that the addresses listed in the special-purpose entry would be used. I am interested to hear what others are doing when it comes to blocking BOGON NLRI from their upstream BGP peerings. If anyone has any insight into this please let me know your thoughts, I would love to discuss more on the topic.
URLs:
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-specia... <https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml>
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-specia... <https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml>
*Thanks,*
*Gabriel L. Terry*
participants (5)
-
Bryan Holloway
-
Enno Rey
-
Gabriel Terry
-
Leo Vegoda
-
Suresh Ramasubramanian