http://bgp.he.net/net/100.100.0.0/24#_bogon
A surprising number of large transit ASes appear to be more than willing to accept this prefix from AS4847.
I'd be a lot happier if there were fewer.
thanks
joel
that took longer than expected.
the internet has failed my expectations.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ERROR: 100.100.0.0/24 Not Found - bgp.he.net
A surprising number of large transit ASes appear to be more than
willing to
accept this prefix from AS4847.
that took longer than expected.
the internet has failed my expectations.
I learnt to use whois for such strange results! 
anurag@laptop:~$ whois 100.64.0.0
ERROR: 100.100.0.0/24 Not Found - bgp.he.net
A surprising number of large transit ASes appear to be more than willing
to accept this prefix from AS4847.
a private address space leak? and propagated. i am deeply shocked.
wtf did people think would happen?
randy
ERROR: 100.100.0.0/24 Not Found - bgp.he.net
A surprising number of large transit ASes appear to be more than willing
to accept this prefix from AS4847.a private address space leak? and propagated. i am deeply shocked.
wtf did people think would happen?
I'm unsurprised that not all filters are in place, more or less where they weren't however is another matter.
by all accounts this has been advertised since 8/24.
space allocated: 2012-03-13
that's 5 months and 11 days too long.
I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it.
- Jared
by all accounts this has been advertised since 8/24.
space allocated: 2012-03-13
that's 5 months and 11 days too long.I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it.
I would imagine though I am open to other interpreations that, the root cause of the leak lies there as well.
Our issue is the templates were updated except for all but one type of device.
If you see issues with 2914 folks can ping me off-list.
- jared
by all accounts this has been advertised since 8/24.
space allocated: 2012-03-13
that's 5 months and 11 days too long.
no one noticed the other leaks
use this:
Please tell me how I can configure my router to use that feed to
automatically reject any bogon advertisements I receive from other BGP
neigbhors.
Please tell me how I can configure my router to use that feed to
automatically reject any bogon advertisements I receive from other BGP
neigbhors.
you actually have to look at that web page
В 16:22 -0700 на 06.10.2012 (сб), Randy Bush написа:
>> http://www.team-cymru.org/Services/Bogons/bgp.html
> Please tell me how I can configure my router to use that feed to
> automatically reject any bogon advertisements I receive from other BGP
> neigbhors.you actually have to look at that web page
If you're seeing the same page, the configs and explanations there show
how to drop packets destined to bogons, not routes.
(I also want to know the answer to that question)
Please tell me how I can configure my router to use that feed to
automatically reject any bogon advertisements I receive from other BGP
neigbhors.you actually have to look at that web page
If you're seeing the same page, the configs and explanations there show
how to drop packets destined to bogons, not routes.(I also want to know the answer to that question)
then read the frelling page!!!
router bgp <your asn>
! Session 1
neighbor A.B.C.D remote-as 65332
neighbor A.B.C.D description <your description>
neighbor A.B.C.D ebgp-multihop 255
neighbor A.B.C.D password <your password>
! Session 2
neighbor E.F.G.H remote-as 65332
neighbor E.F.G.H description <your description>
neighbor E.F.G.H ebgp-multihop 255
neighbor E.F.G.H password <your password>
!
address-family ipv4
! Session 1
neighbor A.B.C.D activate
neighbor A.B.C.D soft-reconfiguration inbound
neighbor A.B.C.D prefix-list cymru-out-v4 out
neighbor A.B.C.D route-map CYMRUBOGONS-V4 in
! Session 2
neighbor E.F.G.H activate
neighbor E.F.G.H soft-reconfiguration inbound
neighbor E.F.G.H prefix-list cymru-out-v4 out
neighbor E.F.G.H route-map CYMRUBOGONS-V4 in
!
address-family ipv6
! Session 1
neighbor A.B.C.D activate
neighbor A.B.C.D soft-reconfiguration inbound
neighbor A.B.C.D prefix-list cymru-out-v6 out
neighbor A.B.C.D route-map CYMRUBOGONS-V6 in
! Session 2
neighbor E.F.G.H activate
neighbor E.F.G.H soft-reconfiguration inbound
neighbor E.F.G.H prefix-list cymru-out-v6 out
neighbor E.F.G.H route-map CYMRUBOGONS-V6 in
!
! Depending on IOS version, you may need to configure your router
! for new-style community syntax.
ip bgp-community new-format
!
ip community-list 100 permit 65332:888
!
ip route 192.0.2.1 255.255.255.255 Null0
!
ip prefix-list cymru-out-v4 seq 5 deny 0.0.0.0/0 le 32
!
ipv6 route 2001:DB8:0:DEAD:BEEF::1/128 Null0
!
ipv6 prefix-list cymru-out-v6 seq 5 deny ::/0 le 128
!
route-map CYMRUBOGONS-V6 permit 10
description IPv6 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1
!
route-map CYMRUBOGONS-V4 permit 10
description IPv4 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ip next-hop 192.0.2.1
plug: rfc 6666.
100::/64 is reserved for this purpose.
Nick
Kind of like the 192.0.2.1/32 for IPv4, huh?
no - 192.0.2.0/24 is formally "TEST-NET-1, documentation and examples",
like 2001:db8::/32.
100::/64 is specifically for discard and analysis style RTBHs. I.e. for
ipv6, you can now keep your documentation prefixes on your documentation.
Nick