[127137] in North American Network Operators' Group


Re: ipv6 bogon / martian filter - simple

daemon@ATHENA.MIT.EDU (William F. Maton Sotomayor)
Mon Jun 14 20:37:31 2010

Date: Mon, 14 Jun 2010 20:36:51 -0400 (EDT)
From: "William F. Maton Sotomayor" <wmaton@ryouko.imsb.nrc.ca>
To: Brandon Applegate <brandon@burn.net>
In-Reply-To: <alpine.DEB.1.00.1006141931490.6227@orbital.burn.net>
Cc: nanog@nanog.org
Reply-To: wmaton@ryouko.imsb.nrc.ca
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, 14 Jun 2010, Brandon Applegate wrote:

> I mean really simple.  Like 2000::/3.  If it's not in there it's bogon, yes ?

Been using that on the advanced networks side for ... OK, years.  Seems to 
work.  Kept unseemingly bogons like 1000::/3 out, except for the 
deprecated 6bone pTLA, 3FFF::

> What I'm really asking, is for folks thoughts on using this - is it too 
> restrictive ?

For leaks of old 6bone space, which I haven't seen for a long while, 
probably not.  But filter against that, and maybe it will be fine.  It's 
all in the RIR allocations....

> How long until it's obsolete ?
>
> Should be a really long time no ?

Mmm...Last table entry in my table is: 2C0F:FE18::/32.  Maybe 2000::/4 
will do, but that might not last very long as an ACL, given the proximity 
of 2Cxx:: to 2FFF::

> Again, just looking for some feedback either way.  Would be very nice to have 
> a single line ACL do this job.
>
> --
> Brandon Applegate - CCIE 10273
> PGP Key fingerprint:
> 7407 DC86 AA7B A57F 62D1 A715 3C63 66A1 181E 6996
> "SH1-0151.  This is the serial number, of our orbital gun."
>
>


wfms
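
Added example, not part of the original message: a small Python check of how a single-line 2000::/3 permit (optionally with a deny for old 6bone space) classifies prefixes, and how much numeric room 2000::/3 and 2000::/4 leave above 2C0F:FE18::/32. Assumptions: the 6bone block is taken as 3ffe::/16 (RFC 3701), the function names are hypothetical, and every sample prefix except 2c0f:fe18::/32 is constructed.

```python
import ipaddress

# Assumption of this example: deprecated 6bone space is 3ffe::/16 (RFC 3701).
SIXBONE = "3ffe::/16"

def classify(prefix, permit="2000::/3", deny=(SIXBONE,)):
    """Classify a prefix as a one-line permit plus optional deny entries would."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6:
        raise ValueError("IPv6 prefixes only")
    # Deny entries are checked first, as they would be ordered in an ACL.
    for block in deny:
        if net.subnet_of(ipaddress.ip_network(block)):
            return "deprecated"
    if net.subnet_of(ipaddress.ip_network(permit)):
        return "permit"
    return "bogon"

def headroom(permit, highest_seen):
    """Fraction of the permit block lying numerically above highest_seen.

    A rough distance measure only; it says nothing about allocation policy.
    """
    block = ipaddress.ip_network(permit)
    top = ipaddress.ip_network(highest_seen)
    if not top.subnet_of(block):
        raise ValueError("highest_seen is outside the permit block")
    used = int(top.broadcast_address) - int(block.network_address) + 1
    return 1 - used / block.num_addresses

# Constructed samples, except 2c0f:fe18::/32, which is quoted in the message.
SAMPLES = ["2c0f:fe18::/32", "3ffe:1234::/32", "3000::/12",
           "1000::/4", "fc00::/7", "::/0"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:18} /3: {classify(p):10} /4: {classify(p, permit='2000::/4')}")
    for acl in ("2000::/3", "2000::/4"):
        print(f"{acl}: {headroom(acl, '2c0f:fe18::/32'):.1%} above 2c0f:fe18::/32")
```
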

