RE: 72/8 friendly reminder
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Christopher L. Morrow Sent: Wednesday, March 23, 2005 2:12 PM To: Randy Bush Cc: nanog@merit.edu Subject: Re: 72/8 friendly reminder
On Wed, 23 Mar 2005, Randy Bush wrote:
We were recently assigned a 72.244/16 allocation from
ARIN. Friendly
reminder that ARIN started allocating 72/8 since Aug. If you have a static bogon filters, can you please make sure they are updated. Thank if you are really worried about this, and i can understand your being so, then make it easy for the busy folk here (not those pontificating on law and morals in the rocky mountains) to test. give us an address we can ping.
a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block.
So, it's probably a multifaceted problem: 1) acls (router) 2) firewalls (host) 3) route acceptance (routers)
Some can be audited 'easily' some are 'set and forget' (or forgot :( )
Ping might just be dropped to destinations, before any idea of 'ip space' filters (think www.sun.com filters). You really have to test with the protocols your main user base might be using (http/https).
I believe this would have to be an RIR policy, though. ARIN is holding an open mic to present a few blurbs on potential policy at the Orlando meeting. It might be an idea for some operators to hook up at the meeting prior to the open mic and talk more. It's too late to make a proposal for this upcoming meeting, but not the next one. And that's a joint NANOG/ARIN meeting, IIRC. -M<
a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block.
So, it's probably a multifaceted problem: 1) acls (router) 2) firewalls (host) 3) route acceptance (routers)
Some can be audited 'easily' some are 'set and forget' (or forgot :( )
Ping might just be dropped to destinations, before any idea of 'ip space' filters (think www.sun.com filters). You really have to test with the protocols your main user base might be using (http/https).
I believe this would have to be an RIR policy, though. ARIN is holding an open mic to present a few blurbs on potential policy at the Orlando meeting. It might be an idea for some operators to hook up at the meeting prior to the open mic and talk more. It's too late to make a proposal for this upcoming meeting, but not the next one.
And that's a joint NANOG/ARIN meeting, IIRC.
<sigh> this is not the ivtf. let's not see how complex we can make things. please remember yagni. let's see how SIMPLY this can be to get 80% of the effect for 10% of the effort and hardware sales. randy
participants (2)
-
Hannigan, Martin -
Randy Bush