[arin-ppml] The problem with IPv4 bogon and listing them

Ted Mittelstaedt tedm at ipinc.net
Wed Oct 29 16:14:16 EDT 2008



> -----Original Message-----
> From: arin-ppml-bounces at arin.net 
> [mailto:arin-ppml-bounces at arin.net] On Behalf Of Kevin Kargel
> Sent: Wednesday, October 29, 2008 1:06 PM
> To: ppml at arin.net
> Subject: Re: [arin-ppml] The problem with IPv4 bogon and listing them
> 
> 
> 
> > -----Original Message-----
> > From: Ted Mittelstaedt [mailto:tedm at ipinc.net]
> > Sent: Wednesday, October 29, 2008 2:46 PM
> > To: ppml at arin.net
> > Cc: Kevin Kargel
> > Subject: The problem with IPv4 bogon and listing them
> > 
> > 
> > Kevin, let's talk about bogons.  We have Cymru running their
> > list here:
> > 
> > http://www.cymru.com/Documents/bogon-list.html
> > 
> > but, I'll quote from the text on the list:
> > 
> > "...IANA allocations change over time, so please check back
> > regularly to ensure you have the latest filters. I can not 
> > stress this point strongly enough - these allocations change, 
> > as often as every four months...."
> > 
> > Checking back every 4 MONTHS?  So that means if I request IPv4
> > that's dirty, on this list, and I get it, that I have to wait
> > 4 months before using it?  And that's just for the people out
> > there who are following the recommendation.
> > 
> > People are generating router ACLs from this list, and NOT
> > updating them in any timely 4 month intervals.  Consider that 
> > it might take a couple YEARS from delisting on this list for 
> > the subnets to be usable.
> > 
> > It would be very foolish in my opinion to place IPv4 that is
> > returned from orgs who have been using it, on to this list.  
> > Frankly, ARIN should be working through this list right NOW 
> > and identifying if any subnets on it are theirs, and taking 
> > steps to recover those subnets and place them back into the 
> > free pool.  
> > 
> > Ted
> > 
> > 
> 
> Ted,
> 
> I agree with all of your points in this message. Actually in 
> fact, we are more in line than recent missives would indicate.
> 
> I do, however, stipulate that the downsides are mitigated if 
> it is ARIN that is running the bogon list, as accuracy and 
> timeliness would be vastly improved.  Also with ARIN running 
> the list it could relatively easily be tied in to ARIN WHOIS, 
> making automation of the routing declinations possible.  
> 

Very good.

> I agree that without much closer interwork between ARIN and 
> CYMRU that blind adoption of the CYMRU list would be 
> foolhardy.  As it stands it is a great reference, but not a 
> great authoritative reference.
> 
> If money is needed to fund an ARIN bogon effort it could 
> easily be offered as a subscription service.  I would happily 
> pay a reasonable fee.
> 

I don't see that yet another fee is necessary here.  ARIN
already has a database - whois.  An effort really needs to be
made to get the number blocks listed in whois to align with what
is actually assigned, don't you think?  Whois should not list
network entries for blocks that are in the free pool, and
there should not be assigned blocks that lack an entry in
whois.

Ideally, a bogon list should be able to be generated by running
a query that iterates through every /24 in the IP numberspace
and queries it against the whois database, and the list would
be all queries that return "no object found".

Ted
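Added example, not part of the original message: a sketch of the per-/24 registry walk described above, run against a constructed in-memory registry instead of a live whois server. It goes slightly beyond the message by aggregating the result, flagging /24s that are only partly registered, and checking a filter list for prefixes that now overlap registered space; `whois_lookup`, the function names, the 10.20.0.0/21 scope and all prefixes are assumptions made for illustration.

```python
import ipaddress

# Constructed toy registry (stand-in for whois network entries; not real allocations).
REGISTERED = ["10.20.0.0/23", "10.20.2.0/26", "10.20.3.0/25", "10.20.3.128/25"]

def whois_lookup(block, registry):
    """Hypothetical stand-in for one whois query; [] models 'no object found'."""
    return [net for net in registry if net.overlaps(block)]

def bogons_from_registry(scope, registered):
    """Walk every /24 in scope; return (aggregated bogons, partly registered /24s)."""
    registry = [ipaddress.ip_network(n) for n in registered]
    unlisted, partial = [], []
    for block in ipaddress.ip_network(scope).subnets(new_prefix=24):
        hits = whois_lookup(block, registry)
        if not hits:
            unlisted.append(block)  # "no object found": candidate bogon
            continue
        if any(block.subnet_of(h) for h in hits):
            continue  # an entry of /24 or shorter covers the whole block
        # Only entries longer than /24 matched: the query finds an object,
        # yet part of the block may still be unregistered.
        covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(hits))
        if covered < block.num_addresses:
            partial.append(block)
    # Merge adjacent /24s so the list stays short enough to maintain as a filter.
    return list(ipaddress.collapse_addresses(unlisted)), partial

def stale_filter_entries(acl, registered):
    """Filter prefixes that overlap registered space and would block live networks."""
    registry = [ipaddress.ip_network(n) for n in registered]
    return [p for p in map(ipaddress.ip_network, acl)
            if any(p.overlaps(n) for n in registry)]

if __name__ == "__main__":
    bogons, partial = bogons_from_registry("10.20.0.0/21", REGISTERED)
    print("bogons:", [str(b) for b in bogons])
    print("partly registered /24s:", [str(p) for p in partial])
    old_acl = ["10.20.0.0/22", "10.20.4.0/22"]  # constructed, outdated filter
    print("stale:", [str(p) for p in stale_filter_entries(old_acl, REGISTERED)])
```
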



