Filters

James james at towardex.com
Tue May 24 02:07:52 CEST 2005 

On Mon, May 23, 2005 at 04:30:24PM -0700, Jimmy Sadri wrote:
> Hi all,
> 
> 	Does anyone have any good links to ipv6 bogon lists
> so far I've found this one
> http://www.space.net/~gert/RIPE/ipv6-filters.html 
> but it seems a little outdated.  Actually, if you people wouldn't mind
> I'd like
> to see what people are actually using on their routers... post your
> bogon filter
> if you want.  If you could give a little explaination as to why you
> block things and
> weather you consider it to be a strict or more loose.
> 
> Thanks
> 
> ============================================
> Jimmy Sadri
> Network Engineer
> Infinity Internet
> Email: jsadri at infinityinternet.com
> Phone: 360-816-9153 = 800-689-4303 ext. 39153
> Fax: 360-254-3898
> www.iinet.com
>

Hi Jimmy,

This is what we use:

cr1.ord1.us> sh ipv prefix ipv6-ebgp-relaxed
ipv6 prefix-list ipv6-ebgp-strict: 8 entries
   seq 5 deny 2001:db8::/32 le 128
   seq 10 permit 2002::/16
   seq 15 deny 2002::/16 le 128
   seq 20 deny ::/8 le 128
   seq 25 deny fe00::/9 le 128
   seq 30 deny ff00::/8 le 128
   seq 35 permit ::/0 le 48
   seq 40 deny ::/0 le 128
 
We used to filter aggressively using strict filters in the past however
just recently we decided to stop doing that and switched to relaxed bogon
filtering for two reasons:

1. With increasing routers with peering sessions on the network, it is
starting to become more cumbersome to update these all the time.  The
strict filters are always _never_ "install and forget", "one time setup"
filtering, you always have to maintain it each time there is a new
allocation.

2. Some of our enterprise-oriented downstreams had difficulties in
acquiring a /48 PI block.  While it is true that ARIN is pretty nice in
approving /32 PI blocks, it was unreasonable to request /32 size when
the network is not big enough to make such a justification.  We believe
it is better to allow legitimate multihoming by these entities than
maintain strict bogon filtering which require continuing maintenance.


-J

-- 
James Jun
Infrastructure and Technology Services
TowardEX Technologies
Office +1-617-459-4051 x179 | Mobile +1-978-394-2867
james at towardex.com | www.towardex.com

More information about the ipv6-ops mailing list