Hi there,

A customer of mine is reporting that there are a large number of addresses he can not reach with his addresses in the 109/8 range. This was declassified as a BOGON and assigned by IANA to RIPE in January 2009.

If you have a manually updated BOGON list, can I please ask that you review it and update it as soon as possible please? His addresses in 89/8 and 83/8 work just fine, hence this presumption of BOGON filtering.

Matthew Walster
Hi Matthew,

I had the same problem with our new range assigned to us by APNIC, out of 110/8.

You're in for a long, hard and frustrating road. If you manage to get in contact with anyone, or anyone responds to you, mind letting me know? I'd suspect they'd probably have us blocked still too, we've just not come across it yet.

Regards,
Shane Short

On 09/10/2009, at 7:22 PM, Matthew Walster wrote:
Hi there,
A customer of mine is reporting that there are a large number of addresses he can not reach with his addresses in the 109/8 range. This was declassified as a BOGON and assigned by IANA to RIPE in January 2009.
If you have a manually updated BOGON list, can I please ask that you review it and update it as soon as possible please? His addresses in 89/8 and 83/8 work just fine, hence this presumption of BOGON filtering.
Matthew Walster
The 109/8 range was removed from our ISP Ingress Prefix Filters in version 22 (dated 6-Feb-2009):

ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Templates/T-ip-prefix-filter-ingress-loose-check-v22.txt

Thanks,
John

-----Original Message-----
From: Matthew Walster [mailto:matthew@walster.org]
Sent: Friday, October 09, 2009 7:22 AM
To: nanog@nanog.org
Subject: 109/8 - not a BOGON

Hi there,

A customer of mine is reporting that there are a large number of addresses he can not reach with his addresses in the 109/8 range. This was declassified as a BOGON and assigned by IANA to RIPE in January 2009.

If you have a manually updated BOGON list, can I please ask that you review it and update it as soon as possible please? His addresses in 89/8 and 83/8 work just fine, hence this presumption of BOGON filtering.

Matthew Walster
On 09/10/2009 4:22, "Matthew Walster" <matthew@walster.org> wrote:
A customer of mine is reporting that there are a large number of addresses he can not reach with his addresses in the 109/8 range. This was declassified as a BOGON and assigned by IANA to RIPE in January 2009.
If you have a manually updated BOGON list, can I please ask that you review it and update it as soon as possible please? His addresses in 89/8 and 83/8 work just fine, hence this presumption of BOGON filtering.
This might be a good moment to list all the /8s allocated so far this year.

046/8  RIPE NCC  2009-09  whois.ripe.net   ALLOCATED
002/8  RIPE NCC  2009-09  whois.ripe.net   ALLOCATED
182/8  APNIC     2009-08  whois.apnic.net  ALLOCATED
175/8  APNIC     2009-08  whois.apnic.net  ALLOCATED
183/8  APNIC     2009-04  whois.apnic.net  ALLOCATED
180/8  APNIC     2009-04  whois.apnic.net  ALLOCATED
178/8  RIPE NCC  2009-01  whois.ripe.net   ALLOCATED
109/8  RIPE NCC  2009-01  whois.ripe.net   ALLOCATED

Also, I'd like to mention that if you ever want to check your filters against the registry, we have made the columns sortable. It's now nice and easy to identify newly allocated /8s.

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

Regards,
Leo Vegoda
On Fri, Oct 09, 2009 at 12:22:01PM +0100, Matthew Walster wrote:
A customer of mine is reporting that there are a large number of addresses he can not reach with his addresses in the 109/8 range. This was declassified as a BOGON and assigned by IANA to RIPE in January 2009.
If you have a manually updated BOGON list, can I please ask that you review it and update it as soon as possible please? His addresses in 89/8 and 83/8 work just fine, hence this presumption of BOGON filtering.
A pingable address in the problem range would help people to quickly evaluate whether they have a problem in their network or upstreams...

- Matt
2009/10/10 Matthew Palmer <mpalmer@hezmatt.org>
A pingable address in the problem range would help people to quickly evaluate whether they have a problem in their network or upstreams...
The router has the address "109.68.64.1" - saves giving out customer's IP.

Does anyone have any recommendations for dealing with BOGON space that hasn't been defiltered by networks? Any ideas how to get people to update filter lists?

Matthew Walster
I've found pinging a polite email to the whois contact on the ASN -sometimes- gives useful results, but not always.

Be aware that you're not only dealing with router black-holes, but seemingly some people have applied bogon filtering to their BIND name servers also.

If you can provide a non bogon IP within the same AS, it can be useful for the person at the other end-- shows them they have a problem.

-Shane

On 20/10/2009, at 4:51 PM, Matthew Walster wrote:
2009/10/10 Matthew Palmer <mpalmer@hezmatt.org>
A pingable address in the problem range would help people to quickly evaluate whether they have a problem in their network or upstreams...
The router has the address "109.68.64.1" - saves giving out customer's IP.
Does anyone have any recommendations for dealing with BOGON space that hasn't been defiltered by networks? Any ideas how to get people to update filter lists?
Matthew Walster
On 10/20/2009 8:01 AM, Shane Short wrote:
I've found pinging a polite email to the whois contact on the ASN -sometimes- gives useful results, but not always.
Be aware that you're not only dealing with router black-holes, but seemingly some people have applied bogon filtering to their BIND name servers also.
If you can provide a non bogon IP within the same AS, it can be useful for the person at the other end-- shows them they have a problem.
References to documents on bogon best practices are a good idea when trying to contact WHOIS contacts as well - our bogon reference page and the IANA IPv4 address space assignments page are probably good places to start on that:

http://www.team-cymru.org/Services/Bogons/
http://www.iana.org/assignments/ipv4-address-space/

Shane makes a good point about BIND and other configs - we actually stopped including static bogons in our BIND and BGP/JunOS templates earlier this year because we found they were being used and not updated, despite our warnings not to do so.

Best regards,
Tim Wilde

--
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde@cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
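Added example, not part of the thread or of any poster's tooling: a check of a static bogon filter against the registry rows Leo Vegoda posted, flagging entries that still block allocated space, which is the failure Tim Wilde describes for templates that were deployed and never updated. The filter list `STALE_FILTER` and the function names are constructed for illustration; the sketch also catches aggregates and more-specifics, not only exact /8 matches.

```python
import ipaddress
import re

# Registry rows as posted in the thread: prefix, designation, date, whois, status.
REGISTRY_ROWS = """\
046/8 RIPE NCC 2009-09 whois.ripe.net ALLOCATED
002/8 RIPE NCC 2009-09 whois.ripe.net ALLOCATED
182/8 APNIC 2009-08 whois.apnic.net ALLOCATED
175/8 APNIC 2009-08 whois.apnic.net ALLOCATED
183/8 APNIC 2009-04 whois.apnic.net ALLOCATED
180/8 APNIC 2009-04 whois.apnic.net ALLOCATED
178/8 RIPE NCC 2009-01 whois.ripe.net ALLOCATED
109/8 RIPE NCC 2009-01 whois.ripe.net ALLOCATED
"""
# Constructed sample of a static filter that was never refreshed (hypothetical).
STALE_FILTER = ["0.0.0.0/8", "2.0.0.0/8", "10.0.0.0/8", "108.0.0.0/7",
                "127.0.0.0/8", "182.0.0.0/7", "192.168.0.0/16"]
ROW = re.compile(r"^(\d{1,3})/8\s+(.+?)\s+(\d{4}-\d{2})\s+(\S+)\s+(\w+)$")

def parse_registry(text):
    """Return {IPv4Network: (designation, date)} for rows marked ALLOCATED."""
    allocated = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(5) != "ALLOCATED":
            continue
        # The registry zero-pads the octet ("046/8"); current Python versions
        # reject leading zeros in ipaddress, so go through int() first.
        net = ipaddress.ip_network(f"{int(m.group(1))}.0.0.0/8")
        allocated[net] = (m.group(2), m.group(3))
    return allocated

def stale_entries(filter_prefixes, allocated):
    """Return (filter entry, allocated /8, designation, date) for each overlap."""
    hits = []
    for entry in filter_prefixes:
        f = ipaddress.ip_network(entry, strict=False)
        for net, (who, when) in allocated.items():
            if f.overlaps(net):  # true for exact, covering and more-specific entries
                hits.append((str(f), str(net), who, when))
    return sorted(hits, key=lambda h: int(ipaddress.ip_network(h[1]).network_address))

if __name__ == "__main__":
    for entry, net, who, when in stale_entries(STALE_FILTER, parse_registry(REGISTRY_ROWS)):
        print(f"{entry:<16} blocks {net:<14} allocated to {who} in {when}")
```

Run against a real filter, the registry rows would come from the IANA XML file linked in the thread rather than from an embedded string.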
participants (6)
- John Stuppi (jstuppi)
- Leo Vegoda
- Matthew Palmer
- Matthew Walster
- Shane Short
- Tim Wilde