Hi Everyone,
Just wanted to understand something about Bogons.
As per RFC3871 - A "Bogon" (plural: "bogons") is a packet with an IP source
address in an address block not yet allocated by IANA or the Regional
Internet Registries (ARIN, RIPE, APNIC...) as well as all addresses
reserved for private or special use by RFCs. See [RFC3330] and [RFC1918].
Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but
what about unallocated ASNs?
Q - Is there any RFC (or even draft) which classify unallocated ASNs as
Bogon as well?
Additionally, Geoff Huston [1] explained all the possible classifications
of "Bogon" in his blog post back in 2004 --> "Sometimes a bogon is just a
case of keystroke error by a network operator, and the consequent bogons
are entirely inadvertent, and other times it may be a disagreement between
an end user and a registration authority"
Q - In the above scenario when an RIR deregister a resource (IPv4/v6 or
ASN) due to any disagreement (sometimes deregistration happens because of
non-payment and can be resolved in a few days/weeks). How long should a
service provider wait to mark them as bogon and stop advertising or
accepting it?
[1] - http://www.potaroo.net/ispcol/2004-04/2004-04-isp.htm
Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but
what about unallocated ASNs?
Hi Aftab,
You can reasonably think of a bogon as any Internet number resource
which according to the registration authority should not appear on
whatever network is at issue.
Q - Is there any RFC (or even draft) which classify unallocated ASNs as
Bogon as well?
The RFCs offer guidelines and conventions in this, not hard rules. It
would be an error to treat them as hard rules.
Q - In the above scenario when an RIR deregister a resource (IPv4/v6 or
ASN) due to any disagreement (sometimes deregistration happens because of
non-payment and can be resolved in a few days/weeks). How long should a
service provider wait to mark them as bogon and stop advertising or
accepting it?
In my opinion: until the customer stops paying you or the authority
assigns the resource to someone else. As long as the resource was
properly assigned to the customer when they started advertising it,
there's no real angle to forcibly ending it sooner.
Regards,
Bill Herrin
If you don't have an automated update process running at decent time intervals (one week or more often, under no circumstance less than once a month) and you don't have processes in place that monitor that updates do happen properly with some corrective action being done when they don't - then stick with private or reserved.
If you do have everything needed, and are aware that what is unallocated today may be allocated tomorrow, then you can (should) go with private+reserved+unallocated option.
Hi,
> Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but
> what about unallocated ASNs?
If you don't have an automated update process running at decent time
intervals (one week or more often, under no circumstance less than once a
month) and you don't have processes in place that monitor that updates do
happen properly with some corrective action being done when they don't -
then stick with private or reserved.
If you do have everything needed, and are aware that what is unallocated
today may be allocated tomorrow, then you can (should) go with
private+reserved+unallocated option.
Exactly, getting the right and updated info is so tricky that people only
filter Private+Reserved ASNs. Because of the same reason more than 600
unallocated ASNs are in the routing table as per the CIDR-Report.
Wouldn't that be simple to parse the list and start updating filters on
daily basis? I understand its troublesome for big operators. I've just
started this so lets see what happens 
but I can tell that the diff on
file created every night isn't much (around 10-20).
http://www.cidr-report.org/as2.0/#Bogons
Hi Bill,
> Q - Generally, Private or Reserved ASNs are considered as Bogon ASN but
> what about unallocated ASNs?
Hi Aftab,
You can reasonably think of a bogon as any Internet number resource
which according to the registration authority should not appear on
whatever network is at issue.
Perfect definition. I have the same opinion. BUT
Q - Is there any RFC (or even draft) which classify unallocated ASNs as
> Bogon as well?
The RFCs offer guidelines and conventions in this, not hard rules. It
would be an error to treat them as hard rules.
Recently, during a discussion with few decent size service providers who
pointed me to RFC3871 suggesting that the word Bogon is for "IP resources"
only. Hence, I asked this question here.
> Q - In the above scenario when an RIR deregister a resource (IPv4/v6 or
> ASN) due to any disagreement (sometimes deregistration happens because of
> non-payment and can be resolved in a few days/weeks). How long should a
> service provider wait to mark them as bogon and stop advertising or
> accepting it?
In my opinion: until the customer stops paying you or the authority
assigns the resource to someone else. As long as the resource was
properly assigned to the customer when they started advertising it,
there's no real angle to forcibly ending it sooner.
This is the current practice though it isn't the best one.
Been there, done that - 15 years ago with Barry:
https://www.nanog.org/meetings/nanog27/presentations/hank.pdf
IPs, ASNs, it don't matter...no one gives a sh*t. Not today, not 15
years ago.
Nowadays, the bible on being a good ISPs is defined by MANRS and if it
don't appear there then you and I are clearly delusional.
-Hank