[75869] in North American Network Operators' Group
Re: Best way to get of Bogon list?
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Fri Nov 26 09:21:57 2004
In-Reply-To: <Pine.GSO.4.58.0411260727050.16329@rampart.argfrp.us.uu.net>
Cc: NANOG list <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Fri, 26 Nov 2004 15:21:24 +0100
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Errors-To: owner-nanog-outgoing@merit.edu
On 26-nov-04, at 8:29, Christopher L. Morrow wrote:
>> Can someone identify the *benefits* of using bogon lists for unallocated
>> space? It appears that it only hurts connectivity, but does not help in
>> any significant way to enhance security.
> It might be a way to proactively keep your part of the network 'cleaner'
> than the other parts... 'managed' properly and 'updated' regularly (when
> changes dictate an update is required) it might even be seamless to your
> userbase.
>
> The devil here is, as always, in the details. Once you move beyond some
> number of devices or acls or 'parts', making changes on a wide scale and
> keeping things up to date becomes more difficult.
I've never been a fan of bogon packet filtering (bogon route filtering
is more useful), but it occurs to me that it's probably better for us
network operators to do this rather than have each and every firewall
admin do it for themselves.
I.e., in networks that do proper BCP38 filtering towards their
customers and bogon filtering on the edges to other networks, customers
will never see packets from bogon sources, making it unnecessary for
them to filter those themselves and thereby improving the plight of
those who get address space that was recently allocated to a RIR by the
IANA.
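
The filtering arrangement described in the message above, as an added example that is not part of the original post: a small model of BCP38 checks on customer ports plus bogon source filtering on the edges to other networks, run once with a current bogon list and once with a stale one. All prefixes, names and packets are constructed (documentation and private ranges stand in for real allocations).

```python
import ipaddress

# Constructed sample data: documentation and private prefixes stand in for
# real allocations; none of these values come from the original message.
CUSTOMER_PREFIXES = {"cust-a": [ipaddress.ip_network("198.51.100.0/24")]}
RECENTLY_ALLOCATED = ipaddress.ip_network("203.0.113.0/24")
BOGONS_CURRENT = [ipaddress.ip_network("10.0.0.0/8")]
BOGONS_STALE = BOGONS_CURRENT + [RECENTLY_ALLOCATED]  # never updated after allocation

def in_any(src, prefixes):
    """True if the source address falls inside any of the given prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in p for p in prefixes)

def customer_ingress_ok(customer, src):
    """BCP38: a customer port accepts only sources assigned to that customer."""
    return in_any(src, CUSTOMER_PREFIXES.get(customer, []))

def peer_edge_ok(src, bogons):
    """Edge towards other networks: drop sources inside any listed bogon prefix."""
    return not in_any(src, bogons)

def delivered(packets, bogons):
    """Return the sources that pass the operator's filters, in input order."""
    passed = []
    for ingress, customer, src in packets:
        if ingress == "customer":
            ok = customer_ingress_ok(customer, src)
        else:
            ok = peer_edge_ok(src, bogons)
        if ok:
            passed.append(src)
    return passed

# Constructed packets: (ingress side, customer name or None, source address)
PACKETS = [
    ("customer", "cust-a", "198.51.100.7"),  # legitimate customer source
    ("customer", "cust-a", "10.1.2.3"),      # spoofed source, fails BCP38
    ("peer", None, "10.9.9.9"),              # bogon source from another network
    ("peer", None, "203.0.113.50"),          # host in recently allocated space
    ("peer", None, "192.0.2.10"),            # ordinary routed source
]

if __name__ == "__main__":
    print("current list:", delivered(PACKETS, BOGONS_CURRENT))
    print("stale list:  ", delivered(PACKETS, BOGONS_STALE))
```

With the stale list the only change in outcome is that the host in the recently allocated prefix is dropped; the spoofed and bogon-sourced packets are stopped either way.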