ARIN space not accepted

Kevin_Oberman · December 4, 2010, 6:43am

From: Valdis.Kletnieks@vt.edu
> From: Valdis.Kletnieks@vt.edu
Date: Fri, 03 Dec 2010 20:00:15 -0500

> It is speculated that no later than Q1, two more /8's will be allocated,
> triggering a policy that will give the remaining 5 /8's out to the
> RIR's. That means, prior to end of Q1, the bogon list will be:
>
> 0/8
> 10/8
> 127/8
> 172.16/12
> 192.168/16
> 224/3

Oh. And don't forget to do *bidirectional* filtering of these addresses.

Ahh, not quite. Blocking 224/3 bi-directionally might cause a few issues
if you accept multicast traffic from anyone.

Rob_Seastrom2 · December 6, 2010, 12:30pm

"Kevin Oberman" <oberman@es.net> writes:

From: Valdis.Kletnieks@vt.edu
> From: Valdis.Kletnieks@vt.edu
Date: Fri, 03 Dec 2010 20:00:15 -0500

> It is speculated that no later than Q1, two more /8's will be allocated,
> triggering a policy that will give the remaining 5 /8's out to the
> RIR's. That means, prior to end of Q1, the bogon list will be:
>
> 0/8
> 10/8
> 127/8
> 172.16/12
> 192.168/16
> 224/3

Oh. And don't forget to do *bidirectional* filtering of these addresses.

Ahh, not quite. Blocking 224/3 bi-directionally might cause a few issues
if you accept multicast traffic from anyone.

You mean like other routers that are speaking OSPF?

(people should understand the side effects of filtering before they conf t).

-r

Jeroen_van_Aart · December 7, 2010, 1:02am

From: Valdis.Kletnieks@vt.edu

From: Valdis.Kletnieks@vt.edu

Date: Fri, 03 Dec 2010 20:00:15 -0500

224/3

Oh. And don't forget to do *bidirectional* filtering of these addresses.

Ahh, not quite. Blocking 224/3 bi-directionally might cause a few issues
if you accept multicast traffic from anyone.

240/4 appears to be reserved for "Future use"...

"[15] Reserved for future use (formerly "Class E") [RFC1112]"

Steven_Bellovin · December 7, 2010, 7:19pm

Bidirectional blocking of traffic with source addresses in 224/3 -- that should never happen unless I badly misunderstand multicast.

--Steve Bellovin, http://www.cs.columbia.edu/~smb

Valdis_Kletnieks · December 7, 2010, 11:40pm

If you're smart enough to actually do multicast, you're smart enough to remove
the filter for 224/3. If you're not smart enough to remove the filter, or
you're smart enough but you're one of the 95% that doesn't do multicast, your
site should be doing bidirectional filtering of 224/3.

(Do you really want your users emitting outbound packets to/from 224/3 if you
don't actually do multicast? Probably not...)