[arin-ppml] The problem with IPv4 bogon and listing them
Kevin Kargel
kkargel at polartel.com
Wed Oct 29 16:28:41 EDT 2008
<Another tersing snip>
> >
> > Ted,
> >
> > I agree with all of your points in this message. Actually in
> > fact, we are more in line than recent missives would indicate.
> >
> > I do, however, stipulate that the downsides are mitigated if
> > it is ARIN that is running the bogon list, as accuracy and
> > timeliness would be vastly improved. Also with ARIN running
> > the list it could relatively easily be tied in to ARIN WHOIS,
> > making automation of the routing declinations possible.
> >
>
> Very good.
>
> > I agree that without much closer interwork between ARIN and
> > CYMRU that blind adoption of the CYMRU list would be
> > foolhardy. As it stands it is a great reference, but not a
> > great authoritative reference.
> >
> > If money is needed to fund an ARIN bogon effort it could
> > easily be offered as a subscription service. I would happily
> > pay a reasonable fee.
> >
>
> I don't see that yet another fee is necessary here. ARIN
> already has a database - whois. An effort really needs to be
> made to get the number blocks listed in whois to align with what
> is actually assigned, don't you think? Whois should not list
> network entries for blocks that are in the free pool, and
> there should not be assigned blocks that lack an entry in
> whois.

Hmm.. I'll have to think about this one.. On the surface filtering WHOIS
to function also as (not)bogon sounds like a great idea. Starting with
Bogon(not) is much more functional than reducing the database (world) by the
contents of (bogon).

Ties to BGP should be relatively easy, and application in IPv6 would be
natural.

The fly in the ointment is that if this becomes popular the WHOIS becomes
incredibly busy. Lots of people querying for every subnet in the world.
Publishing the result would be much more efficient. A simple solution would
be if ARIN made available canned ACLs for the most popular routers on
secure tftp (HA!) servers that routers could suck to update on a regular
basis. Or these could be sucked by admins, parsed to their whims (or for
oddball routers) and pushed to the edge.

>
> Ideally, a bogon list should be able to be generated by running
> a query that iterates through every /24 in the IP numberspace
> and queries it against the whois database, and the list would
> be all queries that return "no object found"
>
> Ted
>
>
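
The idea discussed in this message, deriving the bogon list as everything the registry does not list as assigned and publishing it in a form routers can load, as an added example that is not part of the original post. It computes the complement directly from a list of assigned prefixes rather than querying every /24; the prefixes are constructed documentation ranges, and the Cisco IOS-style prefix-list output and the function names are assumptions.

```python
import ipaddress


def unassigned_space(universe, assigned):
    """Return the CIDR blocks inside `universe` that no assigned prefix covers."""
    free = [ipaddress.ip_network(universe)]
    for prefix in map(ipaddress.ip_network, assigned):
        remaining = []
        for block in free:
            if not block.overlaps(prefix):
                remaining.append(block)          # untouched by this assignment
            elif prefix.supernet_of(block):
                continue                         # block is entirely assigned
            else:
                # prefix sits inside block: keep everything around it
                remaining.extend(block.address_exclude(prefix))
        free = remaining
    return sorted(ipaddress.collapse_addresses(free))


def render_prefix_list(blocks, name="BOGONS"):
    """Render deny entries in Cisco IOS-style prefix-list syntax (assumed target)."""
    lines = []
    for seq, block in enumerate(blocks, start=1):
        keyword = "ip" if block.version == 4 else "ipv6"
        lines.append(
            f"{keyword} prefix-list {name} seq {seq * 5} "
            f"deny {block} le {block.max_prefixlen}"
        )
    return lines


# Constructed sample: a documentation range standing in for the whole number
# space, and two prefixes standing in for what the registry lists as assigned.
SAMPLE_UNIVERSE = "198.51.100.0/24"
SAMPLE_ASSIGNED = ["198.51.100.0/25", "198.51.100.192/27"]

if __name__ == "__main__":
    for line in render_prefix_list(unassigned_space(SAMPLE_UNIVERSE, SAMPLE_ASSIGNED)):
        print(line)
```

The output holds deny entries only; a filter built from it still needs its own trailing permit, and the list is only as accurate as the assigned-prefix input it was generated from.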